Cybersecurity researchers have discovered a phishing campaign that delivers deliberately corrupted Microsoft Office documents and ZIP archives. Because security tools cannot parse the damaged files, the attachments pass antivirus scanning, sandbox analysis, and Outlook's spam filters.
Key Features:
– The files are damaged just enough that scanners cannot parse them and return no verdict, yet the content is still recoverable
– Relies on the built-in file-recovery features of Word, Outlook, and WinRAR, which repair and open the attachments
– Active since August 2024
– Described as a potential zero-day, although it abuses recovery behaviour the applications offer by design rather than a software vulnerability
Attack Method:
1. Malicious emails carrying the corrupted attachments are sent to targets
2. The messages use social-engineering lures, promising employee benefits or bonuses
3. Once the application repairs and opens the document, it displays a QR code
4. Scanning the code leads to:
– Malware distribution sites
– Phishing pages for credential theft
The technique works because security tools that cannot parse a file tend to pass it through unscanned rather than fail closed, while the applications users open it with repair the file and display its content. For defenders, the practical implication is that an attachment carrying an Office or ZIP signature that fails to parse should be treated as suspicious rather than clean. The QR code closes a second gap for the attacker: the destination URL never appears as text in the message, so link scanning has nothing to inspect. Together, these give threat actors a new way to circumvent email security measures and deliver phishing content directly to user inboxes.
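The fail-closed check described above, as an added example that is not code from the researchers or the report. It builds a small DOCX-like archive inline (constructed sample data), then damages it by overwriting the end-of-central-directory signature; that particular corruption is an assumption chosen for illustration and stands in for whatever damage the real campaign used. A strict parser (Python's zipfile) rejects the damaged file, which is the state in which a scanner would return no verdict, while a walk over the local file headers, the same idea an archive repair tool uses, still recovers every entry. The triage function therefore reports "corrupt-recoverable" instead of silently passing the file.

```python
"""Fail-closed triage for ZIP-based attachments (DOCX, XLSX, plain .zip).

Added example; not code from the original report. The sample attachment is
constructed inline, and the corruption method (clobbering the end-of-central-
directory record) is an assumption made for illustration.
"""
import io
import struct
import zipfile
import zlib

LOCAL_HEADER_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"
# sig, version, flags, method, mtime, mdate, crc32, csize, usize, name_len, extra_len
LOCAL_HEADER_FMT = "<4s5H3L2H"
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER_FMT)  # 30 bytes


def build_docx_like(body: bytes) -> bytes:
    """Constructed sample: a minimal Office-style ZIP with two entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", body)
    return buf.getvalue()


def clobber_eocd(data: bytes) -> bytes:
    """Overwrite the end-of-central-directory signature (assumed corruption).

    Strict parsers locate the central directory through this record, so
    without it they reject the whole file; the entries themselves are intact.
    """
    idx = data.rfind(EOCD_SIG)
    if idx < 0:
        raise ValueError("no EOCD record found")
    return data[:idx] + b"\x00\x00\x00\x00" + data[idx + 4:]


def strict_parse_ok(data: bytes) -> bool:
    """What a scanner's library typically does: parse via the central directory."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False


def recover_local_entries(data: bytes) -> dict:
    """Walk local file headers in order, ignoring the central directory.

    Each entry is only accepted if its CRC32 and uncompressed size match the
    header, so a recovered entry is genuinely the content Word/WinRAR would show.
    """
    entries = {}
    pos = data.find(LOCAL_HEADER_SIG)
    while 0 <= pos <= len(data) - LOCAL_HEADER_LEN:
        (_, _, flags, method, _, _, crc, csize, usize, nlen, xlen) = struct.unpack_from(
            LOCAL_HEADER_FMT, data, pos
        )
        if flags & 0x08:  # sizes deferred to a data descriptor: not handled here
            break
        name_start = pos + LOCAL_HEADER_LEN
        name = data[name_start:name_start + nlen].decode("utf-8", "replace")
        body_start = name_start + nlen + xlen
        raw = data[body_start:body_start + csize]
        if method == 0:
            content = raw
        elif method == 8:
            content = zlib.decompress(raw, -15)  # raw deflate stream
        else:
            break
        if zlib.crc32(content) == crc and len(content) == usize:
            entries[name] = content
        pos = data.find(LOCAL_HEADER_SIG, body_start + csize)
    return entries


def triage(data: bytes) -> str:
    """Fail-closed verdict: a parse failure is a finding, not a free pass."""
    if strict_parse_ok(data):
        return "parses"  # hand to normal content scanning
    if recover_local_entries(data):
        return "corrupt-recoverable"  # the evasion shape: block or detonate in the real app
    return "corrupt-unrecoverable"


SAMPLE = build_docx_like(b"<w:document>Scan the QR code to claim your bonus</w:document>")
DAMAGED = clobber_eocd(SAMPLE)

if __name__ == "__main__":
    for label, blob in (("intact", SAMPLE), ("damaged", DAMAGED)):
        print(label, triage(blob), sorted(recover_local_entries(blob)))
```

In a mail gateway the useful output is the "corrupt-recoverable" class: files with a ZIP or Office signature that the strict parser rejects but whose entries can still be recovered. Those should be quarantined or sent to a sandbox that opens them in the real application, since that is where the content, including any embedded QR code, will actually render.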