What are double extensions?
How do double extensions work?
Most file management software hide file extensions by default, so you see document.pdf instead of document.pdf.exe. The icon is also often changed to match the fake extension, which is the main reason why people in a hurry tend to overlook the fake extension, even if it’s not hidden. When unsuspecting victims open a file like this, they install malicious software on their devices.
Dangers of double file extensions
Since using double extensions is a simple, effective, and cheap way to trick distracted users into downloading and opening an executable file, hackers often employ this method. This is how cybercriminals managed to infect thousands of devices with CryptoLocker ransomware and extract 3M dollars from their victims.
How to avoid executing files with double extensions?
Double extensions could pose a real threat to your Windows device. Here’s what you can do to stop them:
How to enable the double file extension detection
Turn Threat Protection on and let it take care of everything.
What to do if you’ve opened a file with a double extension
You might need help removing some malware, but there are a few things you can do on your own:
- Disconnect the infected device from the internet to prevent further spread.
- Boot Windows into Safe Mode to restrict the malware’s operations.
- Use a reliable and up-to-date antivirus to scan and remove the threat.
- Manually delete any suspicious and unrecognized files (but only if you know what to look for).
- If the threat is serious and your files are backed up, consider a full system wipe.
- If you suspect you accidentally installed a keylogger, change passwords on all your sensitive accounts.