Most Windows users are familiar with the common file types: JPEG and PNG for photos, EXE for setup programs, and so on.
If a file type you have treated as harmless for years suddenly turns out to be dangerous, that is a real shock. Everyone knows the risks that come with unknown EXE files. However, opening an untrusted image file can also be dangerous, and a wallpaper file in particular.
Serious Security: Hacking Windows passwords via your wallpaper
In the picture shown below, the first two icons look old-fashioned: they represent documents with plain written text. The icon in the middle looks like a digital document; that one is the real file called document, which really is a text file. Windows hides these filename extensions by default.
But the first two files in the picture are actually .js files, and the last one is a .theme file. Even though the icons look the same, these files can be harmful.
If a user opens the .theme file, it may expose resources such as a password: when the .theme file is activated, a credential prompt is displayed to the user.
So, if you want to check whether an extension is real or fake, open File Explorer, click View, and tick the File name extensions option. Then look at the file's full name and check whether the extension is the one you expected.
[Credential Harvesting Trick] Using a Windows .theme file, the Wallpaper key can be configured to point to a remote auth-required http/s resource. When a user activates the theme file (e.g. opened from a link/attachment), a Windows cred prompt is displayed to the user 1/4 pic.twitter.com/rgR3a9KP6Q
— bohops (@bohops) September 5, 2020
Opening untrusted image files can be dangerous. You might assume that this is only possible when there is an unpatched vulnerability in the viewing app or in Windows itself, but this trick can be used to steal passwords.
Normally, .theme files control things such as:
- automatic wallpaper changes
- desktop backgrounds
- sound files, and many other settings.
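As an added example (not code from the original post or from bohops), the following Python check parses a .theme file, which is INI-formatted, and flags any value that refers to a remote location (an http/https URL or a UNC path) instead of a local image. A defender can run it over .theme attachments before anyone opens them. The two sample theme texts are constructed for this example; the section and key names follow the standard Windows theme file format, and the host name is a placeholder.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample .theme contents (not real files from the page).
# A .theme file uses INI syntax; Wallpaper normally points to a local image.
BENIGN_THEME = """\
[Theme]
DisplayName=Benign sample theme

[Control Panel\\Desktop]
Wallpaper=C:\\Users\\Public\\Pictures\\sample.jpg
"""

# Constructed sample mirroring the trick described in the tweet: the
# Wallpaper value refers to a remote resource (placeholder host) rather
# than a local image, which is what triggers a credential prompt.
SUSPICIOUS_THEME = """\
[Theme]
DisplayName=Suspicious sample theme

[Control Panel\\Desktop]
Wallpaper=http://wallpaper.example.invalid/bg.jpg
"""

REMOTE_SCHEMES = {"http", "https"}


def parse_theme(text):
    """Parse .theme text (INI syntax). Keys are case-insensitive on Windows."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str.lower
    parser.read_string(text)
    return parser


def is_remote_path(value):
    """Return True if a value refers to a network location (URL or UNC share)."""
    v = value.strip().strip('"')
    if v.startswith("\\\\") or v.startswith("//"):
        return True  # UNC path such as \\server\share\image.jpg
    # Drive-letter paths like C:\... parse with a one-letter scheme, so only
    # real web schemes count as remote here.
    return urlparse(v).scheme.lower() in REMOTE_SCHEMES


def find_remote_references(text):
    """Return (section, key, value) triples whose value points off the machine."""
    parser = parse_theme(text)
    hits = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if is_remote_path(value):
                hits.append((section, key, value))
    return hits


def scan_theme_file(path):
    """Scan a .theme file on disk; returns the list of remote references found."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_remote_references(fh.read())


if __name__ == "__main__":
    for name, text in (("benign", BENIGN_THEME), ("suspicious", SUSPICIOUS_THEME)):
        hits = find_remote_references(text)
        verdict = "OK" if not hits else "WARNING: remote references found"
        print(f"{name}: {verdict}")
        for section, key, value in hits:
            print(f"  [{section}] {key}={value}")
```

The check deliberately inspects every key, not only Wallpaper, so a theme whose sound or cursor entries point at a network share is reported as well; any hit means the theme should not be activated until someone has looked at where that path leads.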
How to fix it?
To protect yourself from this problem, try the following:
- Read password prompts carefully
- Avoid opening files you are not familiar with
- Turn on the option to show file extensions
- Use proper passwords
- Report unusual content