Hackers Using Windows Screensavers to Bypass Security and Install Malware

Cybercriminals exploit .scr files as phishing bait, bypassing security to install remote tools and control infected systems.

By Content Team

Feb 5, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals are exploiting a sneaky new trick: using Windows screensaver files (.scr) to slip past security defenses and compromise organizations. ReliaQuest researchers discovered attackers sending business-themed phishing emails with links to malicious screensaver files hosted on cloud storage platforms.

The clever part? Most people don't realize screensaver files are actually executable programs that can run any code. This makes them perfect for bypassing security tools that might catch traditional malware.

Once victims download and run these files, they install legitimate remote management tools like JWrapper, giving hackers full control over the infected computer. From there, attackers can steal data, spread through networks, or deploy ransomware.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Qualcomm Zero-Day Exploited in Targeted Android Attacks

Mar 4, 2026

Cybercriminals Launch Lightning-Fast Ransomware Attacks in 24 Hours

Apr 8, 2026

Critical 'MongoBleed' Bug Under Active Attack, Patch Now

Jan 6, 2026

Cyber Fraud Now Top CEO Fear, Overtaking Ransomware Threat

Jan 14, 2026