A new phishing campaign has been observed corrupting Microsoft Word documents to bypass email security systems and trick users into sharing sensitive information.
The campaign targets victims with emails impersonating payroll or HR departments, promising employee benefits or bonuses to lure recipients into opening malicious attachments.
These emails feature attachments named to appear legitimate, such as:
-
Annual_Benefits_&Bonus_for[name].docx
-
Due_&Payment_for[name].docx.bin
-
Q4_Benefits_&Bonus_for[name].docx.bin
When opened, the files prompt Microsoft Word’s recovery mode, which reconstructs the document and displays instructions to scan a QR code. Scanning the code redirects users to a fake Microsoft login page designed to harvest login credentials.
Read more on QR code-powered scams: New Generation of Malicious QR Codes Uncovered by Researchers
Researchers at Any.Run identified the campaign, highlighting its innovative use of corrupted files on X (formerly Twitter) last week.
No tags.
