: If you weren't expecting a file from someone, don't open it—even if it comes from a "known" contact (their account could be compromised).
: Enable Multi-Factor Authentication on all sensitive accounts. Even if a "PIG-mas" file steals your password, they won't be able to get in without your second factor.
: The message encourages you to open "Merry_PIG-mas.zip" to see a holiday card, a gift code, or a funny video.
: Once extracted, the file may execute a Trojan or Infostealer . These programs are designed to: Steal saved passwords from your browser. Siphon cryptocurrency from digital wallets. Capture keystrokes to grab banking logins. Provide "backdoor" access to your entire computer. Red Flags to Watch For
While the "PIG" in the name might sound like a joke, it often refers to or similar social engineering tactics where attackers "fatten up" a victim’s trust before delivering a devastating blow. In this case, the ZIP file typically contains an executable or a script designed to bypass basic antivirus detection. How the Attack Works
: Before opening any ZIP file, run it through an online scanner like VirusTotal .
: Ensure your operating system and browser are up to date to patch vulnerabilities that these scripts often exploit.
: You receive an email or a direct message via social platforms (like Discord or Telegram) with a festive theme. The sender might pose as a friend or a "Secret Santa."