A brand new phishing marketing campaign has been noticed corrupting Microsoft Phrase paperwork to bypass e-mail safety programs and trick customers into sharing delicate info.
The marketing campaign targets victims with emails impersonating payroll or HR departments, promising worker advantages or bonuses to lure recipients into opening malicious attachments.
These emails function attachments named to look reliable, comparable to:
-
Annual_Benefits_&Bonus_for[name].docx
-
Due_&Payment_for[name].docx.bin
-
Q4_Benefits_&Bonus_for[name].docx.bin
When opened, the recordsdata immediate Microsoft Phrase’s restoration mode, which reconstructs the doc and shows directions to scan a QR code. Scanning the code redirects customers to a pretend Microsoft login web page designed to reap login credentials.
Read more on QR code-powered scams: New Generation of Malicious QR Codes Uncovered by Researchers
Researchers at Any.Run recognized the marketing campaign, highlighting its revolutionary use of corrupted recordsdata on X (previously Twitter) final week.
🚨ALERT: Potential ZERO-DAY, Attackers Use Corrupted Recordsdata to Evade Detection 🧵 (1/3)
⚠️ The continuing assault evades #antivirus software program, prevents uploads to sandboxes, and bypasses Outlook’s spam filters, permitting the malicious emails to achieve your inboxThe #ANYRUN group… pic.twitter.com/0asnG72Gm9
— ANY.RUN (@anyrun_app) November 25, 2024
In contrast to conventional phishing methods, these attachments comprise no malicious code, making them seem protected to most antivirus software program and detection instruments. Most of the recordsdata uploaded to VirusTotal have been flagged as clear or went undetected fully.
The success of this marketing campaign lies in its exploitation of the hole between how working programs course of broken recordsdata and the way safety instruments analyze them.
“These recordsdata function efficiently throughout the OS however stay undetected as a result of failure to use correct procedures for his or her file sorts,” Any.Run researchers defined.
Tricks to Shield In opposition to Phishing
To remain protected from such threats, companies and people ought to take into account these greatest practices:
-
Be cautious of surprising emails with attachments, even when they appear work associated
-
Confirm the authenticity of emails with senders earlier than opening attachments
-
Use sandbox environments or superior detection instruments to research suspicious recordsdata
The marketing campaign has reportedly been lively since August and demonstrates the rising sophistication of phishing methods. Vigilance and strong cybersecurity measures stay essential to staying protected.
Picture credit score: Alex Picture Inventory / Shutterstock.com
