Malicious MSI installers hidden in image files continue to spread via email
post-secondary, government, healthcare, finance, general
Threat actors are embedding Windows installer (MSI) payloads within image files, particularly branded backgrounds, to evade detection. The technique is becoming increasingly prevalent, with recent campaigns distributing these files through email and file-sharing services like WeTransfer.
Why it matters in Western Canada: Organizations across Western Canada’s post-secondary, government, and corporate sectors regularly receive unsolicited email attachments and links. This low-effort obfuscation technique poses a significant risk to endpoint security if users execute malicious installers.
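A triage check for this technique, as an added example that is not part of the original advisory: it flags files that look like images but contain an OLE compound file header, the container format MSI installers use. It assumes the installer bytes sit unencoded inside, after, or in place of the image data, which the summary does not specify; the function names, verdict strings and sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

# OLE Compound File Binary signature; MSI installers use this container
# (so do legacy Office documents, so a hit means "inspect", not "MSI").
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
IMAGE_MAGICS = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF8", b"BM")
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}


def find_cfb(data: bytes) -> int:
    """Offset of the first plausible CFB header in data, or -1."""
    pos = data.find(CFB_MAGIC)
    while pos != -1:
        fields = data[pos + 24:pos + 30]  # minor version, major version, byte order
        if len(fields) == 6:
            _minor, major, byte_order = struct.unpack("<HHH", fields)
            if major in (3, 4) and byte_order == 0xFFFE:
                return pos
        pos = data.find(CFB_MAGIC, pos + 1)
    return -1


def classify(name: str, data: bytes) -> tuple:
    """Return (verdict, offset) for a file received as an attachment or download."""
    is_image = Path(name).suffix.lower() in IMAGE_EXTS or data.startswith(IMAGE_MAGICS)
    if not is_image:
        return ("not-an-image", -1)
    offset = find_cfb(data)
    if offset == -1:
        return ("no-container-found", -1)
    if offset == 0:
        return ("installer-container-with-image-extension", 0)
    return ("image-with-embedded-installer-container", offset)


# Constructed sample bytes (not real malware, not a real image).
CFB_HEADER = CFB_MAGIC + bytes(16) + struct.pack("<HHH", 0x3E, 3, 0xFFFE) + bytes(482)
PNG = IMAGE_MAGICS[0] + b"constructed pixel data" + b"IEND"

if __name__ == "__main__":
    samples = {
        "background.png": PNG,
        "branded-background.png": PNG + CFB_HEADER,
        "logo.jpg": CFB_HEADER,
        "setup.msi": CFB_HEADER,
    }
    for name, blob in samples.items():
        print(name, classify(name, blob))
```

A hit only shows that a compound file header is present; confirming an MSI requires parsing the container itself.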
Summary generated from the original advisory. Read the full source: sans-isc
- Source: https://isc.sans.edu/diary/rss/33054
- CVEs: None listed
- Tags: malware, msi, email, obfuscation, payload delivery
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)