
Hackers Launch Zero-Day Attacks Exploiting Corrupted Files to Evade Security Tools

Cybersecurity experts at ANY.RUN have uncovered an active zero-day attack campaign that leverages corrupted files to bypass antivirus software, sandbox environments, and even email spam filters. The attack, first identified by the ANY.RUN team, poses a significant threat by enabling malicious emails...

May 12, 2026

Attack Overview

Attackers are exploiting a unique technique by intentionally corrupting files, making them difficult for security solutions to analyze. These files, often identified as ZIP archives or Microsoft Office documents (e.g., DOCX), evade detection by failing to conform to standard file-handling procedures.


Applications such as Microsoft Word, Outlook, and WinRAR have built-in recovery mechanisms that the attackers exploit to execute the payload without triggering alerts.

Why Security Tools Fail

Traditional antivirus programs and file scanners are unable to detect these malicious files because of a flaw in how they handle corrupted or incomplete data:

  • Antivirus software: marks such files as “clean” or “Item Not Found” on platforms like VirusTotal, because the files cannot be fully analyzed in their corrupted state.

  • Sandbox environments: fail to identify the threat if they rely solely on automated static analysis.

  • Spam filters: miss the malicious payload because the corrupted files appear benign or incomplete.

When analyzing corrupted files, some security tools attempt to extract contents, assuming these are archives. If no files can be extracted, the scanning process is halted, leaving the archive unexamined.

How the Attack Works

The attack exploits the recovery mechanisms of user applications rather than the limitations of the file itself.


For example:

  • Corrupted ZIP or DOCX files are delivered via email.

  • Security solutions fail to process the file properly, rendering them “invisible” to traditional detection mechanisms.

  • Once opened by the intended application, the built-in recovery features (e.g., Microsoft Word’s ability to repair corrupted documents) activate, facilitating the execution of malicious behavior.

Files of this nature are designed to activate only within their intended programs, bypassing static scanning tools while seamlessly executing in interactive environments.
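The failure mode described above, where a scanner discards an archive as soon as extraction fails, can be closed with a triage step that does not stop at the parse error. The following is an added example, not ANY.RUN's or any vendor's code: when the standard ZIP parser rejects a blob, it carves entry names from the local file headers (the same records a repair routine falls back on) and returns a "corrupted" verdict instead of "clean". The sample DOCX-like package and the truncation used to break it are constructed fixtures for exercising the triage.

```python
import io
import re
import zipfile

LOCAL_HEADER = b"PK\x03\x04"  # local file header signature, one per stored entry
# Entry names that identify an Office Open XML package (DOCX/XLSX/PPTX) inside a ZIP container.
OOXML_NAMES = {"[Content_Types].xml", "word/document.xml", "xl/workbook.xml", "ppt/presentation.xml"}


def triage_archive(data: bytes) -> dict:
    """Classify a ZIP-like blob rather than dropping it when parsing fails.

    verdict is one of 'parsable', 'corrupted-zip', 'corrupted-office', 'not-zip';
    entries lists names recovered from the central directory or local headers.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is None:  # every member's CRC checks out
                return {"verdict": "parsable", "entries": zf.namelist()}
    except zipfile.BadZipFile:
        pass
    # The parser gave up; walk the local headers the way a repair routine would.
    names = []
    for match in re.finditer(re.escape(LOCAL_HEADER), data):
        off = match.start()
        if off + 30 > len(data):  # header is itself truncated
            break
        name_len = int.from_bytes(data[off + 26:off + 28], "little")
        names.append(data[off + 30:off + 30 + name_len].decode("utf-8", "replace"))
    if not names:
        return {"verdict": "not-zip", "entries": []}
    verdict = "corrupted-office" if any(n in OOXML_NAMES for n in names) else "corrupted-zip"
    return {"verdict": verdict, "entries": names}


def build_sample_docx_bytes() -> bytes:
    """Constructed minimal DOCX-like package (harmless placeholder XML) for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def drop_central_directory(data: bytes) -> bytes:
    """Test fixture: cut the archive at the central directory offset so zipfile rejects it."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    cd_offset = int.from_bytes(data[eocd + 16:eocd + 20], "little")
    return data[:cd_offset]
```

A verdict of corrupted-office or corrupted-zip should route the file to interactive or behavioral analysis, never to a "clean" result.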

ANY.RUN’s Innovative Detection Approach

ANY.RUN’s interactive analysis opens the corrupted file in its intended application, so the malicious activity triggered by the recovery mechanism is observed and recorded, providing critical insight into the attack.


Cybersecurity teams are urged to adopt advanced detection tools that incorporate interactive and behavioral analysis for identifying these types of threats.

As the cybersecurity landscape continues to evolve, vigilance and innovation remain crucial in combating increasingly sophisticated attack techniques.

Source: CybersecurityNews.com
