Zero-Day Attack Alert: Corrupted Files Weaponized in New Attacks
A new 0-day attack leverages file corruption to slip past antivirus and sandbox defenses.
A sophisticated new phishing campaign is leveraging a novel technique to bypass traditional security measures, delivering malicious payloads directly to users’ inboxes. Discovered by malware hunting firm ANY.RUN, the attack utilizes corrupted Word documents that evade detection by antivirus software, Outlook spam filters, and even sandbox environments.
This cunning attack exploits the file recovery mechanisms built into operating systems and applications like Microsoft Word and WinRAR. By intentionally corrupting the structure of the files, attackers render them largely invisible to conventional security tools. While appearing damaged, these files can still be opened and executed, allowing the malicious code to run undetected.
The corrupted files often masquerade as familiar formats like ZIP archives or MS Office documents. When security solutions attempt to analyze these files, they often fail to recognize their true nature due to the corrupted structure. In many cases, the scanning process is prematurely terminated, giving the malicious files a free pass.
Adding another layer of stealth, the malicious code within these corrupted files is designed to activate only when opened in specific applications with recovery mode enabled. This targeted execution strategy further reduces the likelihood of detection within automated security environments.
ANY.RUN highlights the crucial role of interactive sandboxes in combating such sophisticated threats. Traditional static analysis methods often prove ineffective against these evasive techniques. Interactive sandboxes, on the other hand, allow for dynamic analysis and behavioral observation, providing a more comprehensive view of the file’s true intentions.
Users and organizations must remain vigilant and adopt a multi-layered approach to security, combining advanced threat detection tools with user education and awareness.
