Hackers are leveraging corrupted ZIP files and Microsoft Office documents in a new phishing campaign designed to bypass email security defenses. This technique exploits built-in recovery features in common software, making it difficult for antivirus programs and email filters to detect.
The phishing emails carry corrupted ZIP archives or Office attachments that appear harmless to security systems. Because the files are malformed, spam detection tools and antivirus scanners cannot parse them and let them through. The messages lure victims with enticing claims, such as employee benefits or bonuses, prompting them to open the attachments.
Once the recipient opens these files, programs like Word, Outlook, or WinRAR fall back to their recovery modes and reconstruct the damaged data. The recovered documents often contain embedded QR codes that redirect users to malicious websites. These sites may deploy malware or host fake login pages to steal user credentials.
Cybersecurity reports indicate that this method has been in use since August 2024. It represents a potential zero-day vulnerability, where attackers exploit flaws in file-handling mechanisms to evade detection. This highlights how cybercriminals constantly innovate to bypass email defenses and deliver their phishing messages effectively.
The technique works because most security tools cannot parse corrupted files and therefore find nothing to flag, while applications like Word and Outlook repair and open the same files without issue. This gap between what a scanner can read and what the recovery mode can rebuild is what attackers exploit. These findings underscore the need for organizations to improve file type scanning and detection procedures, so that a scanner inspects an attachment the same way the recovery feature will.
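The gap described above can be illustrated with a small triage routine, added here as an example and not code from any product or the original report: it shows how a standard ZIP parser rejects an archive whose end-of-central-directory record has been cut off, while a walk over the local file headers (the same thing an archiver's repair mode does) still recovers the member names and contents, including Office document markers. The sample archive is constructed inline; the function and verdict names are this example's own.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HDR = b"PK\x03\x04"
EOCD = b"PK\x05\x06"
# Member-name prefixes that mark an Office Open XML document inside the archive.
OFFICE_MARKERS = ("[Content_Types].xml", "word/", "xl/", "ppt/")


def walk_local_headers(data: bytes):
    """Recover members by scanning local file headers only, ignoring the
    central directory, the way an archiver's repair mode rebuilds a damaged zip."""
    members = []
    pos = data.find(LOCAL_HDR)
    while pos != -1 and pos + 30 <= len(data):
        _, _, flags, method, _, _, _, csize, _, nlen, xlen = struct.unpack(
            "<4sHHHHHIIIHH", data[pos:pos + 30])
        name = data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        start = pos + 30 + nlen + xlen
        if flags & 0x08:  # sizes live in a trailing data descriptor; cannot skip safely
            members.append((name, None))
            break
        raw = data[start:start + csize]
        body = zlib.decompress(raw, -15) if method == 8 else raw  # 8 = deflate
        members.append((name, body))
        pos = data.find(LOCAL_HDR, start + csize)
    return members


def triage_zip(data: bytes) -> dict:
    """Classify an attachment: clean zip, corrupt-but-recoverable, or not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names, parses = zf.namelist(), True
    except zipfile.BadZipFile:
        names, parses = [n for n, _ in walk_local_headers(data)], False
    office = any(n.startswith(m) for n in names for m in OFFICE_MARKERS)
    verdict = "clean-zip" if parses else ("corrupt-but-recoverable" if names else "not-a-zip")
    return {"verdict": verdict, "has_eocd": EOCD in data,
            "members": names, "office_document": office}


def build_sample(corrupt: bool) -> bytes:
    """Constructed sample: a minimal docx-like archive, optionally with its EOCD cut off."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document>benefits</w:document>")
    data = buf.getvalue()
    return data[:data.rfind(EOCD)] if corrupt else data
```

A mail gateway that stops at the `BadZipFile` branch sees nothing; one that falls through to the header walk can still hand the recovered `word/document.xml` to its content and QR-code checks.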
To protect against these threats, avoid opening unsolicited email attachments, especially ZIP files or Office documents. Always verify the sender’s authenticity before interacting with attachments. Regularly update software to close security gaps and employ advanced email filtering tools that analyze file behavior. Training employees to recognize phishing tactics is also essential for minimizing risks.