• Security researchers saw corrupted files used in phishing campaigns
  • These files bypass email protection solutions
  • Word can easily restore them, presenting malicious content to the victim

Cybercriminals have found a new and creative way to sneak phishing emails past your onlinedefenses and into your inbox, experts have warned.

A new report from cybersecurity researchers Any.Run observed crooks distributing corrupted Microsoft Word files in their campaigns. Most phishing emails come with an attachment. That file can either be malware itself, or can contain a link to a malicious website, or download.

In response, most email security solutions these days analyze incoming attachments before the recipient can read them, warning the victim if they are being targeted.

Stealing login credentials

However, if the file is corrupted, security programs cannot read, or analyze it, and thus cannot flag it as malicious. So, hackers have now started deliberately corrupting the phishing files, before sending them out. The trick? Word can easily restore them.

Once they are restored, and readable, it is already too late for email security tools to scan them, and the victim is presented with the malicious content which, in this case, is a QR code leading to a fake Microsoft 365 login page.

Therefore, the goal of the recently observed campaign is to steal people’s cloud credentials.

"Although these files operate successfully within the OS, they remain undetected by most security solutions due to the failure to apply proper procedures for their file types," Any.Run said.

"They were uploaded to VirusTotal, but all antivirus solutions returned "clean" or "Item Not Found" as they couldn't analyze the file properly."

Phishing remains one of the most popular attack vectors on the internet. While there are many software solutions helping businesses minimize the threat, the best defense remains the same - using common sense and being careful with incoming email messages. This rings particularly true for messages coming from unknown sources, and messages coming with a sense of urgency.

Via BleepingComputer

You might also like