Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses
- Last updated: 2025-02-05
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.
"The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X.
The malicious activity entails sending emails containing ZIP archives or Office attachments that are intentionally corrupted in such a way that they cannot be scanned by security tools. These messages aim to trick users into opening the attachments with false promises of employee benefits and bonuses.
In other words, because the files are corrupted, email filters and antivirus engines cannot parse them and so never flag them as suspicious or malicious; a file that fails to parse is treated as unreadable rather than as a threat.
The attack still works, however, because Word, Outlook, and WinRAR have built-in recovery mechanisms that repair damaged files and open them in recovery mode. The content therefore reaches the user even though security tooling never inspected it, which is the gap the campaign exploits: the scanner gives up on the file while the application the victim uses does not.
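The following is an added example, not code from ANY.RUN or from this article, showing why a strict parser and a recovery-style parser disagree on such a file and what a scanner should do about it. The page does not describe how the attackers corrupted their attachments, so the corruption used here is an assumption for illustration: a ZIP (the container format of .docx files and of plain archives) with its end-of-central-directory record cut off. Python's `zipfile`, which trusts the central directory, rejects the result; a sequential walk over the local file headers, which is how archive recovery modes reconstruct members, still reads every entry. The document layout, the `word/vbaProject.bin` member name used as a macro-container stand-in, and the payload bytes are all constructed for the example.

```python
import io
import struct
import zipfile
import zlib
from typing import Dict, List, Optional, Tuple

LOCAL_HEADER_SIG = b"PK\x03\x04"   # start of every member's local file header
EOCD_SIG = b"PK\x05\x06"           # end-of-central-directory record, what strict parsers look for
MACRO_MEMBERS = ("vbaProject.bin",)  # member name used as a macro-container stand-in (assumption)


def build_docx_like_zip(payload: bytes) -> bytes:
    """Constructed sample: a minimal ZIP laid out like an OOXML document (not a real docx)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", payload)   # stand-in for a macro container
    return buf.getvalue()


def corrupt_trailer(data: bytes) -> bytes:
    """Hypothetical corruption: drop the EOCD record so central-directory parsers fail.
    The local file headers and member data that recovery tools walk are untouched."""
    idx = data.rfind(EOCD_SIG)
    if idx == -1:
        raise ValueError("no EOCD record found")
    return data[:idx]


def strict_entries(data: bytes) -> Optional[List[str]]:
    """What a scanner that trusts the central directory sees: member names, or None on failure."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except (zipfile.BadZipFile, EOFError, ValueError, struct.error):
        return None


def _inflate(blob: bytes, method: int, csize: int, flags: int) -> Tuple[bytes, int]:
    """Decode one member body; returns (content, bytes consumed).
    Handles the data-descriptor case (flag bit 3), where the header carries csize == 0."""
    if method == 0:                       # stored
        return blob[:csize], csize
    if method != 8:                       # only deflate is handled here
        raise ValueError("unsupported compression method %d" % method)
    d = zlib.decompressobj(-15)           # raw deflate, as used inside ZIP
    if csize and not flags & 0x08:
        return d.decompress(blob[:csize]), csize
    out = d.decompress(blob)              # run to end of stream, then measure what was used
    return out, len(blob) - len(d.unused_data)


def recover_entries(data: bytes) -> List[Tuple[str, bytes]]:
    """Walk local file headers sequentially, the way archive recovery modes do,
    ignoring the central directory entirely. Members whose CRC does not match are dropped."""
    entries = []
    pos = data.find(LOCAL_HEADER_SIG)
    while pos != -1 and pos + 30 <= len(data):
        # local header after the 4-byte signature:
        # version(2) flags(2) method(2) time(2) date(2) crc(4) csize(4) usize(4) nlen(2) xlen(2)
        _ver, flags, method, _t, _d, crc, csize, _usize, nlen, xlen = struct.unpack_from(
            "<HHHHHIIIHH", data, pos + 4)
        name = data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        body = pos + 30 + nlen + xlen
        try:
            content, used = _inflate(data[body:], method, csize, flags)
        except (zlib.error, ValueError):
            pos = data.find(LOCAL_HEADER_SIG, pos + 4)   # skip this header, keep walking
            continue
        if flags & 0x08 or zlib.crc32(content) == crc:
            entries.append((name, content))
        pos = data.find(LOCAL_HEADER_SIG, body + used)
    return entries


def analyze(data: bytes) -> Dict[str, object]:
    """Triage verdict: a file the strict parser rejects but recovery can still read has
    exactly the shape of the corrupted-attachment trick and deserves a closer look."""
    strict = strict_entries(data)
    recovered = recover_entries(data)
    names = [n for n, _ in recovered]
    return {
        "strict_parse_ok": strict is not None,
        "recovered_members": names,
        "contains_macro_container": any(n.endswith(MACRO_MEMBERS) for n in names),
        "suspicious": strict is None and bool(recovered),
    }


if __name__ == "__main__":
    good = build_docx_like_zip(b"MACRO BYTES")
    bad = corrupt_trailer(good)
    print("intact  :", analyze(good))
    print("corrupt :", analyze(bad))
```

The design point is the `suspicious` verdict: a parse failure on its own is not a detection, since genuinely truncated downloads are common, but a file that the strict parser rejects while a recovery walk still yields intact members with valid CRCs is worth routing to a sandbox or blocking, because that is precisely the file the user's application will happily open. Real scanners should apply the same idea to the other recovery paths the article names (Word's document repair, WinRAR's damaged-archive handling) rather than treating "could not parse" as "nothing to see".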