As the use of internet-enabled devices grows, attackers may increasingly attempt to distribute and/or trick users into downloading illegitimate or malicious files. Once executed by or downloaded to a computing device, a malicious file may perform one or more harmful behaviors, such as tracking a user's computing activity, gaining access to sensitive information stored within a computing device, and/or hindering the performance of a computing device.
Attackers may attempt to trick users into downloading malicious files by designing the filenames of the files to appear innocuous. For example, an attacker may implement a multi-extension attack by inserting a filename extension (e.g., txt, pdf, png, etc.) and several blank or place-holding characters into the middle of a filename. When a user downloads the file, a user interface that displays the filename may cut off or truncate the final characters of the filename, thereby preventing the user from viewing the actual extension of the file. As such, the file may appear to be a benign text or media file instead of an executable or other file type more commonly associated with malware.
Unfortunately, traditional methods for detecting malicious files may be unable to accurately and/or efficiently detect multi-extension attacks. The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for detecting potentially illegitimate files.
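The filename pattern described above (a decoy extension, a run of blank or place-holding characters, then the real extension) can be screened for with a simple heuristic. The following Python sketch is an added example, not part of the original disclosure or its claimed method; the extension lists, the `min_pad` threshold, the `display_width` truncation model and the sample filenames are all assumptions constructed for illustration.

```python
import unicodedata

# Assumed lists for illustration; not taken from the disclosure.
DECOY_EXTS = {"txt", "pdf", "png", "jpg", "doc", "docx"}
EXEC_EXTS = {"exe", "scr", "bat", "cmd", "com", "js", "vbs", "msi"}


def is_padding(ch):
    """Blank or place-holding character: spaces (ASCII and Unicode),
    zero-width/format characters, or underscore."""
    return ch == "_" or unicodedata.category(ch) in ("Zs", "Cf")


def check_filename(name, min_pad=3, display_width=30):
    """Return a finding dict for a padded multi-extension filename, else None.

    display_width models a UI that shows only the first N characters
    (hypothetical value; real truncation rules vary by interface).
    """
    stem, dot, final_ext = name.rpartition(".")
    if not dot or final_ext.lower() not in EXEC_EXTS:
        return None  # the actual extension is not one we treat as executable
    core, pad = stem, 0
    while core and is_padding(core[-1]):  # count filler before the final dot
        core, pad = core[:-1], pad + 1
    _, inner_dot, inner_ext = core.rpartition(".")
    if not inner_dot or inner_ext.lower() not in DECOY_EXTS or pad < min_pad:
        return None
    return {
        "decoy_ext": inner_ext.lower(),
        "actual_ext": final_ext.lower(),
        "padding": pad,
        "shown": name[:display_width],  # what a truncating UI would display
        "actual_ext_hidden": len(stem) >= display_width,
    }


if __name__ == "__main__":
    # Constructed sample filenames.
    samples = [
        "invoice.pdf" + " " * 40 + ".exe",
        "photo.png\u200b\u200b\u200b\u200b.scr",
        "notes.txt",
        "setup.exe",
    ]
    for s in samples:
        print(repr(s), "->", check_filename(s))
```

A finding with `actual_ext_hidden` set to true means the modeled display would end before the real extension, which is the condition the passage describes.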