Hackers are now using corrupted files to bypass your antivirus software — how to stay safe

In a recent revelation, cybersecurity experts from ANY.RUN have uncovered a sophisticated method employed by hackers to infiltrate Windows PCs with malware. This new tactic involves the distribution of phishing emails containing intentionally corrupted Microsoft Office or ZIP files, a strategy designed to evade detection by both users and even the most advanced antivirus software.

According to a report by Cybernews, the threat actors behind this campaign are deliberately corrupting these commonly used file types. This manipulation complicates the ability of security tools to identify the malicious content hidden within. The choice of applications targeted in these attacks is strategic; they possess built-in recovery mechanisms that the hackers can exploit to their advantage.

When one of these corrupted files arrives, the security solution attempts to unpack it so the contents can be scanned. Because the archive or document is damaged, extraction fails, and rather than treating that failure as a finding, the tool skips the file. The contents are never scanned, while the application the attachment is destined for still opens it through its built-in recovery mechanism, so the malicious payload reaches the user undetected.
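The evasion described above depends on a scanner giving up when the archive will not parse. The check below is an added example, not part of the article or of ANY.RUN's tooling: it treats a parse failure as a finding and walks the ZIP local file headers directly, the same structure a recovery routine falls back on, so an archive that the standard parser rejects but that still holds intact entries is flagged rather than skipped. The sample archive and the file name in it are constructed here; because .docx files are ZIP containers, the same triage applies to the Word attachment in the campaign.

```python
import io
import struct
import zipfile

LOCAL_HEADER_SIG = b"PK\x03\x04"   # start of each stored entry
EOCD_SIG = b"PK\x05\x06"           # end-of-central-directory record


def recoverable_entries(data: bytes) -> list:
    """List entry names by walking local file headers, ignoring the central
    directory. Entries stay readable this way even when the EOCD record that
    the standard parser needs has been removed or damaged."""
    names = []
    pos = 0
    while True:
        pos = data.find(LOCAL_HEADER_SIG, pos)
        if pos < 0 or pos + 30 > len(data):
            break
        # Fixed 30-byte header: name length at offset 26, extra length at 28.
        name_len, extra_len = struct.unpack_from("<HH", data, pos + 26)
        names.append(data[pos + 30:pos + 30 + name_len].decode("utf-8", "replace"))
        pos += 30 + name_len + extra_len
    return names


def triage_archive(data: bytes) -> dict:
    """Classify an attachment: a parse failure is a finding, not a reason to skip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {"verdict": "parsable", "entries": zf.namelist()}
    except zipfile.BadZipFile:
        entries = recoverable_entries(data)
        verdict = "corrupt_but_recoverable" if entries else "corrupt_unrecoverable"
        return {"verdict": verdict, "entries": entries,
                "eocd_present": EOCD_SIG in data}


def build_sample(corrupt: bool) -> bytes:
    """Constructed sample: a one-entry archive, optionally with its EOCD record
    cut off to mimic the deliberately damaged attachments described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("salary_increase.docm", b"placeholder content, not a real document")
    data = buf.getvalue()
    if corrupt:
        data = data[:data.rfind(EOCD_SIG)]  # drop the EOCD and anything after it
    return data


if __name__ == "__main__":
    for flag in (False, True):
        print(triage_archive(build_sample(corrupt=flag)))
```

A scanner that yields "corrupt_but_recoverable" should quarantine or detonate the file rather than pass it through, since the listed entries are exactly what the recipient's application will reconstruct on open.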

How to stay safe from phishing attacks

In a notable example shared by ANY.RUN, one phishing email impersonates an HR department, suggesting a potential salary increase. However, it conceals a malicious Word document and includes a QR code that purportedly leads to a secure file, likely directing users to a harmful domain. Such phishing attempts mirror tactics used by infostealers aiming to capture sensitive information like login credentials and credit card details.

To safeguard against these evolving threats, users are advised to exercise caution with emails from unknown senders. It is essential to familiarize oneself with company policies regarding internal communications. For instance, would your HR department typically send a QR code? Always verify the sender’s email address and scrutinize the subject line for any signs of urgency or poor spelling.

Moreover, ensuring that robust antivirus software is installed and operational on all devices is crucial. This includes not only PCs but also mobile devices, as threats can manifest across various platforms. While Android users have access to a range of antivirus applications, iPhone users face limitations due to Apple’s restrictions.

When in doubt about an email’s legitimacy, it is prudent to contact the sender directly, requesting that they resend any attachments through a secure method. Alternatively, users can manually navigate to links using a secure browser. Ultimately, awareness and vigilance serve as the last line of defense against these insidious attacks.

Given that malicious attachments remain a primary vector for malware distribution, it is unlikely that this campaign will wane anytime soon. Therefore, maintaining a cautious approach when reviewing incoming emails is essential, and downloading attachments from unknown sources should always be avoided.
