Corrupted Microsoft Word files used to conduct phishing attacks
- Security researchers spotted corrupted files used in phishing campaigns
- These files bypass email security solutions
- Word can easily recover them and present malicious content to the victim
Cybercriminals have found a new and creative way to sneak phishing emails past your online defenses and into your inbox, experts warn.
A new report from cybersecurity researchers Any.Run observed crooks spreading corrupt Microsoft Word files in their campaigns. Most phishing emails come with an attachment. That file could itself be malware, or it could contain a link to a malicious website or a malicious download.
In response, most email security solutions today analyze incoming attachments before the recipient can read them, and alert the victim if they have been targeted.
Stealing credentials
However, if the file is corrupted, security programs will not be able to read or analyze it and thus will not mark it as malicious. So hackers have now deliberately started corrupting the phishing files before sending them. The trick? Word can easily recover them.
Once they are recovered and readable, it is already too late for email security tools to scan them and the victim is presented with the malicious content, in this case a QR code leading to a fake Microsoft 365 login page.
Therefore, the aim of the recently observed campaign is to steal people’s cloud data.
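The gap described above is a fail-open scanner: a parser error is silently treated as "nothing found". The following is an added example, not code from the article or from Any.Run, showing a fail-closed triage step in Python. It builds a constructed stand-in for a .docx (a ZIP with the two entries Word looks for), breaks it by truncating the ZIP trailer (an illustrative corruption chosen here for the demo, not a claim about how the real campaign corrupted its files), shows that the standard ZIP parser rejects the file while a sequential walk of the local file headers still recovers its content, and routes anything the parser cannot open to review instead of passing it as clean. All function names and the sample document are assumptions of this example.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HDR = b"PK\x03\x04"  # ZIP local file header signature
DOCX_MARKERS = (b"word/document.xml", b"[Content_Types].xml")  # names every .docx carries


def build_sample_docx() -> bytes:
    """Constructed stand-in for a .docx: a ZIP holding the two entries Word expects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def corrupt_trailer(data: bytes, n: int = 40) -> bytes:
    """Illustrative corruption (an assumption of this example, not the campaign's method):
    cut the tail so the end-of-central-directory record is gone and strict ZIP parsers give up."""
    return data[:-n]


def classify_attachment(data: bytes) -> str:
    """What a scanner can establish. 'parsed' means the ZIP parser succeeded;
    anything else must never be reported as 'clean'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return "parsed" if "word/document.xml" in z.namelist() else "parsed-not-docx"
    except (zipfile.BadZipFile, ValueError, OSError):
        pass
    if data.startswith(LOCAL_HDR) or any(m in data for m in DOCX_MARKERS):
        return "corrupt-recoverable"  # structure broken, but Office content is plainly inside
    return "unknown"


def recover_entries(data: bytes) -> dict:
    """Recover entries the way a repair routine can: walk local file headers sequentially
    instead of trusting the (missing) central directory. This is a triage heuristic; a stray
    PK\\x03\\x04 inside compressed data would be misread, so it is not a substitute for a parser."""
    entries = {}
    pos = 0
    while True:
        pos = data.find(LOCAL_HDR, pos)
        if pos < 0 or pos + 30 > len(data):
            break
        # sig(4) ver(2) flags(2) method(2) time(2) date(2) crc(4) csize(4) usize(4) nlen(2) xlen(2)
        _, _, flags, method, _, _, _, csize, _, nlen, xlen = struct.unpack(
            "<4sHHHHHIIIHH", data[pos:pos + 30])
        name = data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        start = pos + 30 + nlen + xlen
        if flags & 0x8:
            # sizes live in a trailing data descriptor; skip rather than guess the length
            pos = start
            continue
        raw = data[start:start + csize]
        try:
            if method == 0:
                entries[name] = raw
            elif method == 8:
                entries[name] = zlib.decompress(raw, -15)  # raw deflate stream
        except zlib.error:
            pass  # truncated or damaged member; leave it out of the recovered set
        pos = start + csize
    return entries


def triage(data: bytes) -> str:
    """Fail closed: only a fully parsed attachment proceeds to content scanning; anything the
    parser rejects is held for sandboxing or analyst review instead of being passed as clean."""
    return "scan-content" if classify_attachment(data).startswith("parsed") else "hold-for-review"


if __name__ == "__main__":
    good = build_sample_docx()
    bad = corrupt_trailer(good)
    print(classify_attachment(good), triage(good))  # parsed scan-content
    print(classify_attachment(bad), triage(bad))    # corrupt-recoverable hold-for-review
    print(sorted(recover_entries(bad)))             # both entries still recoverable
```

The point of the split between `classify_attachment` and `triage` is that the decision to hold a file depends only on whether analysis succeeded, not on whether anything malicious was found; a gateway that collapses "could not parse" into "nothing found" is exactly what this campaign relies on.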
“While these files function successfully within the operating system, they go undetected by most security solutions because proper procedures are not applied for their file types,” Any.Run said.
“They were uploaded to VirusTotal, but all antivirus solutions returned ‘clean’ or ‘Item not found’ because they could not properly analyze the file.”
Phishing remains one of the most popular attack vectors on the Internet. While there are many software solutions that help businesses minimize the threat, the best defense remains the same: use common sense and be careful with incoming email messages. This is especially true for messages that come from unknown sources and for messages that have a sense of urgency.
Via BleepingComputer