Hackers Exploit Corrupted ZIP Files and Office Documents to Outsmart Email Defenses

Cybersecurity analysts have spotlighted a cunning phishing operation employing corrupted Microsoft Office documents and ZIP files to slip through email security measures undetected.

“This ongoing campaign bypasses antivirus software, eludes sandbox uploads, and outmaneuvers Outlook’s spam filters, ensuring these malicious emails land directly in your inbox,” warned ANY.RUN in a series of posts on X.

The attack’s methodology hinges on embedding corrupted Office files or ZIP archives in phishing emails. The intentional corruption renders the files unreadable by security tools, allowing them to evade scrutiny. These deceptive emails often lure victims with enticing promises, such as employee benefits or bonuses, to coax them into opening the attachments.

While the corrupted nature of the files prevents detection by security solutions, the attackers exploit recovery mechanisms in applications like Microsoft Word, Outlook, and WinRAR. These built-in features repair the damaged files, enabling users to open them despite their altered state.
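The recovery behaviour described above cuts both ways for a defender: a ZIP-based attachment (a plain ZIP, or a DOCX/XLSX/PPTX, which are ZIP containers) that a strict parser rejects is exactly the case a mail scanner must not silently skip. The Python below is an added example written for this page, not code from ANY.RUN or from the article. It builds a constructed OOXML-style archive in memory, strips its end-of-central-directory record to stand in for the deliberate corruption, and shows a fail-closed triage routine that records the parse failure as a finding and still recovers the entry names by walking the local file headers, in the same spirit as an archiver's repair feature. The sample content, function names and verdict labels are assumptions made for the example.

```python
"""Fail-closed triage for ZIP-based e-mail attachments.

Added example for this article (not ANY.RUN's code). A container that a
strict parser cannot read is reported as suspicious, never treated as
"nothing to scan".
"""
import io
import struct
import zipfile

ZIP_MAGIC = b"PK\x03\x04"          # first local file header of any ZIP/OOXML file
LOCAL_HEADER_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"           # end-of-central-directory record signature


def build_sample_archive() -> bytes:
    """Constructed sample: a minimal OOXML-shaped archive, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document>bonus details</w:document>")
    return buf.getvalue()


def strip_eocd(data: bytes) -> bytes:
    """Constructed corruption: drop the EOCD record so a strict parser fails.

    The local file headers and their compressed payloads stay intact, which is
    what lets repair-capable applications still open the file.
    """
    idx = data.rfind(EOCD_SIG)
    return data[:idx] if idx >= 0 else data


def scan_local_headers(data: bytes) -> list:
    """Recover entry names by walking local file headers, ignoring the central directory.

    Local header layout: 30 fixed bytes, compressed size at offset 18,
    name length at 26, extra-field length at 28, then the name itself.
    """
    names = []
    pos = data.find(LOCAL_HEADER_SIG)
    while 0 <= pos and pos + 30 <= len(data):
        comp_size = struct.unpack_from("<I", data, pos + 18)[0]
        name_len, extra_len = struct.unpack_from("<HH", data, pos + 26)
        name = data[pos + 30:pos + 30 + name_len].decode("utf-8", "replace")
        names.append(name)
        # Skip past this entry's header and payload, then look for the next header.
        pos = data.find(LOCAL_HEADER_SIG, pos + 30 + name_len + extra_len + comp_size)
    return names


def triage_attachment(data: bytes) -> dict:
    """Classify an attachment; a malformed ZIP container is a verdict, not a skip."""
    if not data.startswith(ZIP_MAGIC):
        return {"verdict": "not_zip", "entries": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            bad_entry = zf.testzip()   # first entry whose CRC does not match, or None
        if bad_entry is not None:
            return {"verdict": "suspicious_crc_mismatch", "entries": names}
        return {"verdict": "parsed", "entries": names}
    except zipfile.BadZipFile:
        # Strict parsing failed. Fail closed: flag it, and still enumerate what a
        # repair routine would recover so analysts can see the hidden content.
        return {"verdict": "suspicious_malformed_container",
                "entries": scan_local_headers(data)}


if __name__ == "__main__":
    intact = build_sample_archive()
    print(triage_attachment(intact))
    print(triage_attachment(strip_eocd(intact)))
```

Running the block prints a `parsed` verdict for the intact archive and a `suspicious_malformed_container` verdict for the EOCD-stripped copy, with `word/document.xml` still listed among the recovered entries. The design point is the `except` branch: a gateway that returns "no scannable content" there is the gap this campaign relies on.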

ANY.RUN noted that this sophisticated tactic has been in use since at least August 2024. The researchers suggest it could represent a zero-day exploit, allowing bad actors to fly under the radar of even advanced detection systems.

The campaign’s ultimate objective is to trick users into opening the booby-trapped documents, which contain embedded QR codes. Scanning these QR codes redirects victims to malicious websites, where malware can be installed or credentials stolen through fraudulent login pages.

This strategy underscores the relentless innovation of cybercriminals in crafting techniques to outwit email defenses and guarantee their phishing emails reach unsuspecting targets.

“Although these corrupted files operate seamlessly within the operating system thanks to recovery features, they remain virtually invisible to most security systems due to inadequate handling of their file types,” explained ANY.RUN.

By manipulating these recovery mechanisms, attackers effectively mask the malicious nature of their payloads while ensuring user applications can process them without raising suspicion.

This campaign serves as a stark reminder for organizations to bolster their defenses against increasingly creative attack strategies, emphasizing the need for heightened user awareness and robust email security protocols.
