Sending malicious Microsoft Word files to people is a classic cybercriminal move, to the point where antivirus companies have learned to scan them before a user downloads them. However, a new attack making the rounds uses a sneaky trick to dodge these scans. Fortunately, if you keep your wits about you, you can avoid this nasty new attack strain.
Cybercriminals Are Using Corrupted Word Documents to Spread Malware
As spotted by Bleeping Computer, bad agents are using a new trick to circumvent antivirus scans. First, they create a Word document and fill it with malicious content. In this recent campaign, the cybercriminals added a QR code that leads to a fake Microsoft login page in hopes that the user will enter their login details.
At this attack stage, things get interesting: the cybercriminal deliberately corrupts the Word document. Because this scrambles the document’s data antivirus apps won’t find anything malicious when they scan the file. As such, when the target downloads the Word document, they will report that it’s virus-free.
When the target opens the document, Word detects the file’s corruption. It then offers to fix the file for the user. If the user agrees, Microsoft Word reconstructs the document, including the malicious content. At this point, the antivirus won’t detect the new content, so it won’t warn the user if they decide to scan the QR code that leads to the fake Microsoft login page.
The good news is that you can avoid this attack by taking care of what you download. It’s worth noting that Word documents are one of the most used file types for hiding viruses, so never unquestioningly trust any document you receive. Even if your antivirus doesn’t warn you about any lurking malware, take everything you read with a pinch of salt.
