They’ve been doing this since the 90s, so…

Tl;dr… A quishing attack, hidden inside docx files that are just corrupt enough to evade automatic scanners, but not so corrupted that they’re not easily recoverable.

Same tactic as the 90s macro enabled ones, but instead of a macro, it’s a phishing qr code.