
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses



Dec 04, 2024Ravie LakshmananEmail Security / Malware

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.

“The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook’s spam filters, allowing the malicious emails to reach your inbox,” ANY.RUN said in a series of posts on X.

The malicious activity entails sending emails containing ZIP archives or Office attachments that are intentionally corrupted in such a way that they cannot be scanned by security tools. These messages aim to trick users into opening the attachments with false promises of employee benefits and bonuses.


In other words, the corrupted state of the files means that they are not flagged as suspicious or malicious by email filters and antivirus software: a scanner that cannot parse the attachment as a valid archive or document tends to give up on it rather than treat the failure itself as a signal.

However, the attack still works because it takes advantage of the built-in recovery mechanisms of programs like Word, Outlook, and WinRAR, which reopen such damaged files in recovery mode and reconstruct enough of the content for the victim to see it.
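The gap the campaign exploits is the difference between a strict parser (the scanner) and a forgiving one (the recovery mode of the user's application). The following is an added example, not code from ANY.RUN or from the original article, that shows a gateway-side triage check closing that gap for ZIP-based attachments. It assumes one plausible corruption for illustration, a truncated end-of-central-directory (EOCD) record, which is enough to make a strict ZIP parser reject the file while the local file headers remain intact; the `.docx`-shaped archive is constructed in memory as sample input, and the `triage` verdict strings are this example's own.

```python
"""Triage for 'corrupted but recoverable' ZIP-based attachments.

Added example, not ANY.RUN's or the article's code. The corruption it
models (a dropped EOCD record) is an assumption chosen because it defeats
strict parsers such as Python's zipfile while leaving every local file
header in place for a recovery-style walk.
"""
import io
import struct
import zipfile

LOCAL_HDR = b"PK\x03\x04"
# Local file header layout (30 bytes): signature, version needed, flags,
# method, mtime, mdate, crc32, comp_size, uncomp_size, name_len, extra_len
LOCAL_HDR_FMT = "<4sHHHHHIIIHH"


def build_sample_docx() -> bytes:
    """Constructed sample input: a minimal .docx-shaped archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document>bonus</w:document>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16)
    return buf.getvalue()


def corrupt_eocd(data: bytes) -> bytes:
    """Assumed corruption: drop the trailing EOCD record (22 bytes when the
    archive has no comment), so zipfile can no longer locate the central
    directory and refuses to open the file."""
    return data[:-22]


def strict_parse_ok(data: bytes) -> bool:
    """What a parser-first scanner does: give up when the structure is bad."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False


def recover_entries(data: bytes) -> list:
    """Walk the local file headers the way a recovery-mode extractor would,
    ignoring the missing central directory and skipping over each entry's
    compressed payload by the size recorded in its header."""
    names, pos = [], 0
    while True:
        pos = data.find(LOCAL_HDR, pos)
        if pos < 0 or pos + 30 > len(data):
            break
        fields = struct.unpack(LOCAL_HDR_FMT, data[pos:pos + 30])
        comp_size, name_len, extra_len = fields[7], fields[9], fields[10]
        name_start = pos + 30
        names.append(data[name_start:name_start + name_len].decode("utf-8", "replace"))
        pos = name_start + name_len + extra_len + comp_size
    return names


def triage(data: bytes) -> str:
    """Verdict a mail gateway should produce instead of 'unscannable'.
    A parse failure on a file whose entries still look like an Office
    document is itself a reason to hold or detonate the attachment."""
    if strict_parse_ok(data):
        return "clean-structure"
    names = recover_entries(data)
    if not names:
        return "unparseable"
    office_dirs = ("word/", "xl/", "ppt/")
    media_dirs = ("word/media/", "xl/media/", "ppt/media/")
    looks_like_office = any(n.startswith(office_dirs) for n in names)
    # Heuristic only: an embedded image is where a QR code would live, but
    # this does not decode or identify QR codes.
    has_image = any(n.startswith(media_dirs) for n in names)
    if looks_like_office and has_image:
        return "corrupted-office-with-embedded-image"
    if looks_like_office:
        return "corrupted-office"
    return "corrupted-zip"


if __name__ == "__main__":
    sample = build_sample_docx()
    damaged = corrupt_eocd(sample)
    print("intact  :", triage(sample))
    print("damaged :", triage(damaged), recover_entries(damaged))
```

The design point is that `strict_parse_ok` and `recover_entries` disagree on the same bytes, exactly as the scanner and Word or WinRAR do. A gateway that stops at the first `BadZipFile` delivers the attachment; one that treats "strict parse failed but a recovery walk found Office-style entries" as a verdict of its own has something to block or sandbox. Other corruption styles (damaged central directory entries, a truncated last member, a broken Office container) need their own recovery walk, but the decision logic is the same.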

ANY.RUN has revealed that the attack technique has been employed by threat actors at least since August 2024, describing it as a potential zero-day that’s being exploited to evade detection.

The end goal of these attacks is to deceive users into opening booby-trapped documents, which embed QR codes that, when scanned, redirect victims to fraudulent websites for malware deployment or fake login pages for credential theft.

The findings once again illustrate how bad actors are constantly on the lookout for previously unseen techniques to get around email security software and ensure their phishing emails land in targets’ inboxes.

“Although these files operate successfully within the OS, they remain undetected by most security solutions due to the failure to apply proper procedures for their file types,” ANY.RUN said.

“The file remains undetectable by security tools, yet user applications handle it seamlessly due to built-in recovery mechanisms exploited by attackers.”
