Corrupted Microsoft Word files used to launch phishing attacks

Image Credit: Shutterstock (Image credit: wk1003mike / Shutterstock)

Security researchers saw corrupted files used in phishing campaigns
These files bypass email protection solutions
Word can easily restore them, presenting malicious content to the victim

Cybercriminals have found a new and creative way to sneak phishing emails past your onlinedefenses and into your inbox, experts have warned.

A new report from cybersecurity researchers Any.Run observed crooks distributing corrupted Microsoft Word files in their campaigns. Most phishing emails come with an attachment. That file can either be malware itself, or can contain a link to a malicious website, or download.

In response, most email security solutions these days analyze incoming attachments before the recipient can read them, warning the victim if they are being targeted.

You may like

However, if the file is corrupted, security programs cannot read, or analyze it, and thus cannot flag it as malicious. So, hackers have now started deliberately corrupting the phishing files, before sending them out. The trick? Word can easily restore them.

Once they are restored, and readable, it is already too late for email security tools to scan them, and the victim is presented with the malicious content which, in this case, is a QR code leading to a fake Microsoft 365 login page.

Therefore, the goal of the recently observed campaign is to steal people’s cloud credentials.

"Although these files operate successfully within the OS, they remain undetected by most security solutions due to the failure to apply proper procedures for their file types," Any.Run said.

"They were uploaded to VirusTotal, but all antivirus solutions returned "clean" or "Item Not Found" as they couldn't analyze the file properly."

Phishing remains one of the most popular attack vectors on the internet. While there are many software solutions helping businesses minimize the threat, the best defense remains the same - using common sense and being careful with incoming email messages. This rings particularly true for messages coming from unknown sources, and messages coming with a sense of urgency.

Via BleepingComputer

The first UEFI bootkit malware for Linux has been detected, so users beware
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.