Windows machines are being targeted with ZIP file workaround
There is a way to merge multiple ZIP files into one and thus hide malware
- Crooks can merge multiple ZIP archives into a single file
- Archiver software rarely reads, or displays, all of the merged archives
- As a result, crooks can sneak malware onto a device
Hackers are using ZIP file concatenation to bypass security solutions and infect their targets with malware through email messages, experts have warned.
A report from cybersecurity researchers Perception Point outline how they recently observed one such campaign while analyzing a phishing attack.
ZIP file concatenation is a type of attack in which multiple ZIP files are merged into one, in order to trick the archiver programs and antivirus solutions.
Mitigating the problem
As Perception Point explains, the crooks would create two (or more) ZIP archives - one completely benign, maybe holding a clean .PDF file, or something similar, and one carrying the malware. Then, they would append the ZIP files into a single file which, while being shown as one file, contains multiple central directories pointing to different sets of file entries.
Different archivers, such as Winzip, WinRaR, 7zip, and others, handle these types of files differently, allowing crooks to move past cybersecurity solutions and infect the target device. 7zip, for example, only reads the first ZIP archive, which could lead to compromise. It could warn the user about additional data, though. WinRaR reads all ZIP structures and will reveal the malware, while Windows File Explorer only displays the second ZIP archive.
In practice, that would mean the crooks would send out the usual phishing email, “warning” the victim of a pending invoice, or an undelivered parcel. The victim would download and run the attachment, and unknowingly get infected with a trojan, or similar malware.
Perception Point argues that “traditional detection tools” often fail to unpack and fully parse such ZIP files, and suggests its proprietary solution (who woulda thunk?).
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“By analyzing every layer recursively, it ensures that no hidden threats are missed, regardless of how deeply they are buried – deeply nested or concealed payloads are revealed for further analysis.”
However, simply being careful with email attachments and not downloading things from unconfirmed sources should keep you secure anyway.
Via BleepingComputer
You might also like
- Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.