Microsoft Word Fuels a High-Risk Phishing Scheme

A recently uncovered phishing scheme exploits damaged Microsoft Word files to bypass security mechanisms and harvest login information.

This alarming campaign was identified by the cybersecurity experts at Any.Run, who report that the attackers masquerade as representatives of payroll and human resources departments, using a range of lures such as employee bonuses and benefits.

For instance, files with names like “Annual_Benefits_&Bonus_for[name]IyNURVhUTlVNUkFORE9NNDUjIw_.docx” are deliberately manipulated so that they appear corrupted. Each of these names embeds a base64-encoded string (here IyNURVhUTlVNUkFORE9NNDUjIw) that decodes to “##TEXTNUMRANDOM45##”.

Upon opening these documents, Microsoft Word alerts users to the corruption but still manages to recover some text. This text indicates that the file cannot be accessed and instructs the recipient to scan a provided QR code to retrieve the content.
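As an added example (this is not code from the article or from Any.Run), here is a small Python triage helper that a mail gateway or SOC script could run over inbound attachments. It pulls base64-looking tokens out of the filename, decodes them with the padding restored, and flags the ##TEXTNUMRANDOM45## marker described above; it also checks whether a .docx is still a well-formed OOXML zip container. The sample filenames and file bytes are constructed inline, and the assumption that the campaign's "damage" shows up as a broken zip container is mine; the article only says Word reports the files as corrupted.

```python
import base64
import io
import re
import zipfile
from typing import Optional

# Marker that the base64 segment of the campaign's filenames decodes to (taken from the article).
CAMPAIGN_MARKER = "##TEXTNUMRANDOM45##"

# Filename pattern quoted in the article; "[name]" is the article's own placeholder.
SAMPLE_NAME = "Annual_Benefits_&Bonus_for[name]IyNURVhUTlVNUkFORE9NNDUjIw_.docx"

# Runs of base64-alphabet characters long enough to be worth decoding; padding may be absent.
_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_b64_loose(token: str) -> Optional[str]:
    """Decode a base64 token whose '=' padding may have been dropped.

    Returns the decoded text only if it is printable ASCII, otherwise None.
    """
    stripped = token.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if not raw.isascii():
        return None
    text = raw.decode("ascii")
    return text if text.isprintable() else None


def filename_findings(filename: str) -> list:
    """Return every base64-looking token in a filename that decodes to printable text."""
    found = []
    for match in _B64_TOKEN.finditer(filename):
        decoded = decode_b64_loose(match.group(0))
        if decoded is not None:
            found.append(decoded)
    return found


def is_well_formed_docx(data: bytes) -> bool:
    """A .docx is an OOXML zip container with a mandatory [Content_Types].xml part.

    ASSUMPTION: the campaign's "damaged" files fail this check; the article only
    says that Word reports them as corrupted and recovers some text.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist() and zf.testzip() is None
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> dict:
    """Combine the filename and container checks into a verdict a gateway rule could act on."""
    decoded = filename_findings(filename)
    marker_hit = any(CAMPAIGN_MARKER in text for text in decoded)
    well_formed = is_well_formed_docx(data) if filename.lower().endswith(".docx") else None
    if marker_hit:
        verdict = "block"        # known campaign marker in the filename
    elif well_formed is False:
        verdict = "quarantine"   # a Word file that Word cannot open cleanly deserves a human look
    else:
        verdict = "allow"
    return {
        "filename": filename,
        "decoded_tokens": decoded,
        "marker_hit": marker_hit,
        "well_formed_docx": well_formed,
        "verdict": verdict,
    }


def build_sample_docx() -> bytes:
    """Constructed stand-in for a healthy .docx: a zip holding the two essential parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


VALID_DOCX = build_sample_docx()
# Constructed damaged variant: the tail that holds the zip central directory is cut off.
CORRUPT_DOCX = VALID_DOCX[: len(VALID_DOCX) // 2]


if __name__ == "__main__":
    for name, blob in ((SAMPLE_NAME, CORRUPT_DOCX), ("Q3_Payroll_Summary.docx", VALID_DOCX)):
        print(triage_attachment(name, blob))
```

The filename check is the cheap, high-confidence signal here because the marker is specific to this campaign; the container check is a broader heuristic and will also catch ordinary truncated downloads, which is why it routes to quarantine for review rather than to an outright block.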

What increases the credibility of these documents is their branding; they feature logos of the companies being targeted and include photos of actual employees.

Scanning the QR code takes victims to a counterfeit Microsoft login page, which captures whatever credentials they enter.

While phishing attacks are not new, this tactic of employing corrupted Word documents presents a fresh approach to eluding detection.

It’s crucial to understand that the Word document itself does not carry harmful code but instead includes a QR code directing users to a phishing site designed for credential theft.

So, what can you do? The answer is straightforward: treat unexpected attachments of this kind, like the recent sextortion emails, as suspicious, and have administrators verify or delete such messages before anyone opens them.


Author: Egor Kostenko

My goal is to make complex technical topics simple and accessible. On this site, I gather unique and useful content that not only solves users’ problems but also helps them better understand the capabilities of Windows.

