Cybercriminals have come up with a new way to carry out phishing attacks by bypassing the security systems of potential victims and email services. To do this, they decided to use deliberately corrupted Microsoft Word files.
Fraudsters have begun distributing corrupted Word files in their campaigns, cybersecurity experts at Any.Run have warned. Phishing emails often contain attachments: malicious files, links to malicious resources, or file downloads. Email security tools therefore scan attachments before users even receive the emails and alert potential victims to the attack.
If the attachment file is damaged, the security tool cannot read or analyze it, and therefore cannot flag it as malicious. Cybercriminals have therefore begun deliberately damaging phishing files before sending them. The trick is that Word can easily recover such a file. Once the file is restored and readable, the email security system no longer scans it, and the potential victim is shown malicious content, in one case a QR code that contains a link to a fake Microsoft 365 login page. The goal of the detected campaign is thus the theft of cloud service credentials.
The files work successfully in the operating system while remaining undetected by most security tools, experts say. The VirusTotal service does not flag them either: all anti-virus solutions mark such files as “clean” or “not found” because they cannot properly analyze them. To protect against this type of attack, experts recommend being careful when handling incoming email messages and using common sense.
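The gap described above is that "could not analyze" ends up being treated like "clean". The following is an added defender-side example, not code from Any.Run or any mail product: a triage step that quarantines a Word attachment whenever its container cannot be parsed. The function names, verdict strings and sample bytes are constructed for illustration.

```python
import io
import zipfile

# Parts a Word (.docx) package needs before its content can be inspected.
REQUIRED_PARTS = ("[Content_Types].xml", "word/document.xml")

def triage_docx(data: bytes) -> str:
    """Return 'parsed' (hand on to content scanning) or 'quarantine:<reason>'."""
    if not data.startswith(b"PK"):
        return "quarantine:not-a-zip-container"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()  # decompresses and CRC-checks every member
            if bad is not None:
                return "quarantine:crc-error:" + bad
            names = set(zf.namelist())
    except Exception:
        # Fail closed: "could not analyze" must never become "clean".
        return "quarantine:unreadable-archive"
    missing = [p for p in REQUIRED_PARTS if p not in names]
    if missing:
        return "quarantine:missing-part:" + ",".join(missing)
    return "parsed"

def build_package(parts: dict) -> bytes:
    """Build a constructed sample package in memory (demo input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples, not taken from the campaign.
GOOD = build_package({"[Content_Types].xml": "<Types/>",
                      "word/document.xml": "<document/>"})
DAMAGED = GOOD[: len(GOOD) // 2]  # truncated copy: central directory is gone
NO_BODY = build_package({"[Content_Types].xml": "<Types/>"})

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("damaged", DAMAGED),
                        ("no-body", NO_BODY), ("text", b"hello")):
        print(label, "->", triage_docx(blob))
```

A `parsed` verdict only means the container is readable and the attachment can go on to normal content scanning; every other verdict holds the message instead of delivering it unscanned.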