.Theme

Phishing
Double Click

Contributors:

mr.d0x

Description:

THEME files are used by Windows machines to customize desktop themes. They have been previously used by attackers to steal credentials because they often bypass antivirus detection.

OS:

Windows

Recommendation:

Block the download and execution of THEME files.

Resources:

https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-passwords/
