Hackers use corrupted files to bypass antivirus software.

Hackers have come up with a clever new way to deliver malware to Windows PCs.

As reported by Cybernews and first discovered by threat intelligence services firm ANY.RUN, hackers have begun sending phishing emails containing corrupted or damaged Microsoft Office or ZIP files.

These “broken” or intentionally corrupted files cannot be properly parsed by antivirus software (or by Outlook's spam filter), so they slip past those security measures and the emails land in the victim's inbox. When the victim attempts to recover the corrupted file by opening it in the corresponding program's recovery mode, the malicious content contained in it infects the computer.

For example, the victim receives a corrupted .docx document that will not open in Word, but a prompt appears asking if the user wants to restore its contents. If the user presses “yes,” Word reconstructs and processes the malicious file, infecting the system.

In a post to X, ANY.RUN explains that the threat actors intentionally corrupt these file types to make it more difficult for security tools to detect malicious content. At the same time, the applications targeted in these attacks were specifically chosen because they have built-in recovery mechanisms that the hackers behind this campaign can abuse.

When a security solution receives one of these corrupted files, it needs to extract the contents in order to scan them, but the extraction fails. Because no file is recovered from the archive, and the unreadable archive itself is then ignored, the scan is never actually performed.
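As an added illustration of the fail-open behaviour described above (this is example code, not part of the article or of ANY.RUN's research), the snippet below builds a minimal Office-style ZIP container in memory, damages its end-of-central-directory record, and contrasts a naive scanner that treats "could not extract" as "nothing to scan" with a fail-closed variant that quarantines a file that claims to be an archive but will not parse. The member names and verdict strings are assumptions made for this example.

```python
import io
import zipfile

# Constructed sample: a minimal Office-style document. A .docx is a ZIP
# container, so this stands in for a real attachment in a mail gateway.
def build_sample_docx() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def corrupt_archive(data: bytes) -> bytes:
    # Overwrite the End-Of-Central-Directory signature ("PK\x05\x06") so the
    # archive can no longer be enumerated, while the local file headers (and
    # therefore the recoverable content) remain physically present.
    idx = data.rfind(b"PK\x05\x06")
    return data[:idx] + b"XXXX" + data[idx + 4:]


def naive_verdict(data: bytes) -> str:
    """Fail-open: an unparseable archive yields no members, so nothing is
    scanned and the attachment is allowed through."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.namelist()  # a real scanner would inspect each member here
    except zipfile.BadZipFile:
        return "allow"
    return "scan-members"


def hardened_verdict(data: bytes) -> str:
    """Fail-closed: a file whose magic bytes claim a ZIP/Office container but
    which will not parse is treated as suspicious, not as empty."""
    looks_like_zip = data.startswith(b"PK\x03\x04")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad_member = zf.testzip()  # CRC check on every member
    except zipfile.BadZipFile:
        return "quarantine" if looks_like_zip else "not-an-archive"
    return "quarantine" if bad_member is not None else "scan-members"


if __name__ == "__main__":
    broken = corrupt_archive(build_sample_docx())
    print("naive:   ", naive_verdict(broken))      # allow
    print("hardened:", hardened_verdict(broken))   # quarantine
```

The hardened check is deliberately coarse: a mail gateway would pair it with a policy for legitimately damaged attachments (for example, holding them for manual review) rather than simply dropping them.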

This basically means that the attacker is abusing the ordinary recovery mechanisms of programs like Word and Outlook, which are built to handle exactly this kind of damaged file. In another post on the site, ANY.RUN provides an example of one of the phishing emails used in this campaign. The email is disguised as an HR message hinting at a possible pay raise. It carries a malicious Word document and also includes a malicious QR code that opens a file which likely leads to a malicious domain. Phishing attacks of this kind are similar to those used by information-stealing malware operators to harvest login credentials, credit card numbers, and other sensitive information.

Needless to say, do not click on links in emails or messages from unknown senders. For anything that appears to be an internal or company email, know your organization's policy: would HR really send you a QR code? Check the sender's address: is it someone you actually know? Is the subject line suspicious, unusually urgent, or misspelled?

Also, if you do not already have the best anti-virus software solution set up and running on your PC, take action immediately. Make sure all your devices, including mobile devices, are protected from malware and threats. We also recommend the best Android antivirus apps, but due to Apple's restrictions, there is no best iPhone equivalent.

When in doubt about an email, you can always contact the sender directly and ask them to resend the attachment in a secure manner, or you can access the link manually using a secure browser. You and your knowledge are the last line of defense when it comes to this type of attack.

Given that malicious attachments are one of the primary ways hackers distribute malware in the first place, don't expect this campaign to go away anytime soon. Instead, be very careful when checking your inbox and under no circumstances should you download attachments from unknown senders or emails that do not pass the sniff test.