Cybercriminals are using corrupted Microsoft Office documents and archive files to evade detection in a new phishing campaign that has been active since August 2024, according to interactive cyber threat analysis service ANY.RUN. The files are corrupted to avoid scanning by email filters and antivirus software, but certain software such as Microsoft Word and WinRAR can still read them, exposing a phishing link. The campaign has been using QR codes that open phishing websites posing as Microsoft login pages.
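
A defensive triage check for the evasion described above, added here as an example and not taken from ANY.RUN's analysis: it holds any ZIP-based attachment that a strict parser cannot read instead of letting it pass as unscannable. The function name, verdict labels, sample files and the specific damage (removing the ZIP end-of-central-directory record) are assumptions, since the summary does not say how the files are corrupted.

```python
import io
import zipfile

# Extensions whose container is a ZIP archive (OOXML documents and plain archives).
ZIP_BASED = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".zip")
LOCAL_HEADER = b"PK\x03\x04"  # ZIP local file header signature
END_RECORD = b"PK\x05\x06"    # ZIP end-of-central-directory signature


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify one attachment by whether a strict ZIP parser can read it."""
    if not filename.lower().endswith(ZIP_BASED):
        return "not-zip-based"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is None:  # CRC check of every member passed
                return "parsed"       # hand on to normal content scanning
    except Exception:
        pass  # any strict-parse failure is handled as corruption below
    # Strict parsing failed. If member headers are still present, a lenient
    # repair feature may recover content the scanner never saw.
    if LOCAL_HEADER in data:
        return "hold-recoverable"
    return "hold-unreadable"


def build_samples() -> dict:
    """Constructed sample inputs: a minimal ZIP and a damaged copy of it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document>constructed sample</w:document>")
    intact = buf.getvalue()
    # Assumed damage for illustration: drop the end-of-central-directory record.
    damaged = intact[: intact.rfind(END_RECORD)]
    return {
        "invoice.docx": intact,
        "benefits.docx": damaged,
        "notes.docx": b"plain text with a misleading extension",
        "readme.txt": b"hello",
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:15} {triage_attachment(name, blob)}")
```

Both `hold-*` verdicts are meant to fail closed: the message is quarantined for review instead of being delivered because the scanner returned no finding.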

Fake PDFCandy Websites Spread Malware via Google Ads
CloudSEK has discovered a recent malware campaign where hackers are impersonating PDFCandy.com to spread ArechClient2 malware. The malware steals sensitive user information like usernames and