Skip to Content
files targeted by hackers
© Yuri Arcurs |
Security & privacy

Before you download, check that file! These are the file types hackers love most

If you follow reports from, you already know that cybercriminals frequently use malicious emails and text messages to infect victims’ devices with malware. The infection often comes from clicking on a Word document or PDF included in the email.

They sometimes use PNG files. Tap or click here to see how they do it. But a new report shows that malware is being delivered in clever new ways that make it more challenging to spot.

Keep reading to find out how criminals target your devices with malware and how to protect against it.

Here’s the backstory

Word documents, spreadsheets and text files are commonly used by hackers to inject malware into your devices. They send these malicious items through email or text messages. But a new Threat Intelligence report from HP Wolf Security suggests hackers have a new trick up their sleeves.

Criminals are increasingly using archivable file types such as ZIP or RAR files. These formats commonly compress larger, legitimate files into smaller single files. To access the content, the file must be extracted.

“Archives are attractive to threat actors because they are easily encrypted, making them difficult for web proxies, sandboxes and email scanners to detect malware,” HP explains in the report

It goes on to say that many companies use encrypted archives for legitimate reasons, making it challenging to reject encrypted archive email attachments. This puts the company at risk of data breaches and information fraud.

The use of ZIP and RAR increased by more than 10% over the last year. It now makes up 44% of all malware delivery systems. The use of executable files also increased by almost 10%, while PDF files stacked with malware dropped to only 2% of all instances. 

What you can do about it

Not all ZIP or RAR files are malicious. But you do need to be careful with any file sent to you through unsolicited text or email. No matter what type of file is included in a message, it could be an avenue of infection.

There are some ways to protect against malware infection. Follow these suggestions:

  • Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails or texts. They could be malicious, infect your device with malware and/or steal sensitive information.
  • Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
  • Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.
  • Use strong, unique passwords — Tap or click here for an easy way to follow this step with password managers.
  • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

Use this easy, free check to see if a site or file contains malware

Scam alert! 5 most dangerous software program names to Google

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me