.TAR Malicious Email Attachments

Online users who have received unexpected email messages with attached files with names ending with ".tar" are asked not to open them. This is because the attachments are encoded files that may contain malware, malicious programs or viruses. And, any attempt to open the malicious attachments will result in the recipients getting their computers infected with a virus, Trojan horse, spyware, ransomware or other malware.

.TAR Malicious Email Attachments

A Sample of a Malicious ".TAR" Email Message

Swift copy of payment

Thu 3/14/2019 1:42 PM

From: "Accounts officer"

Attachment: Payment.tar (127 KB)

Good Day,

Be informed that we have made the advance payment.

Kindly find the attached swift copy of payment made this morning.

Kindly do the needful.


Sarah Cline

Accounts officer


Mobile: +966 50 352 7781

Cybercriminals usually store their malware in compressed or '.TAR' files to help prevent antivirus software from detecting them. In other words, they do it because the compressed or encoded malicious email attachments may bypass the recipients' antivirus software.

What is a .TAR file?

Short for Tape Archive, and sometimes referred to as tarball, a file that has the TAR file extension is a file in the Consolidated Unix Archive format.

The TAR file format is common in Linux and Unix systems, but only for storing data, not compressing it. TAR files are often compressed after being created, but those become TGZ files, using the TGZ, TAR.GZ, or GZ extension.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Would you share this article with others?  +

DonateHelp maintain Online Threat Alerts (OTA).

Comments, Questions, Answers, or Reviews

There are no comments as yet, please leave one below or revisit.

To protect your privacy, please do not post or remove sensitive information in or from your comments, questions, or reviews. NB: We will use your IP address to display your approximate location to other users. That location is not enough to find you.

Your comment, answer, or review will be set as anonymous because you are not signed in. An anonymous comment, answer, or review cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

Write Your Comment, Question, Answer, or Review

Recommendation / Advertisement
.TAR Malicious Email Attachments