Uncategorized

Windows machines are being targeted with ZIP file workaround

There is a way hide malware in ZIP files, depending on which archivers a victim uses.

Crooks can merge multiple ZIP archives into a single fileArchiver software rarely reads, or displays, all of the merged archivesAs a result, crooks can sneak malware onto a device

Hackers are using ZIP file concatenation to bypass security solutions and infect their targets with malware through email messages, experts have warned.

A report from cybersecurity researchers Perception Point outline how they recently observed one such campaign while analyzing a phishing attack.

ZIP file concatenation is a type of attack in which multiple ZIP files are merged into one, in order to trick the archiver programs and antivirus solutions.

Mitigating the problem

As Perception Point explains, the crooks would create two (or more) ZIP archives – one completely benign, maybe holding a clean .PDF file, or something similar, and one carrying the malware. Then, they would append the ZIP files into a single file which, while being shown as one file, contains multiple central directories pointing to different sets of file entries.

Different archivers, such as Winzip, WinRaR, 7zip, and others, handle these types of files differently, allowing crooks to move past cybersecurity solutions and infect the target device. 7zip, for example, only reads the first ZIP archive, which could lead to compromise. It could warn the user about additional data, though. WinRaR reads all ZIP structures and will reveal the malware, while Windows File Explorer only displays the second ZIP archive.

In practice, that would mean the crooks would send out the usual phishing email, “warning” the victim of a pending invoice, or an undelivered parcel. The victim would download and run the attachment, and unknowingly get infected with a trojan, or similar malware.

Perception Point argues that “traditional detection tools” often fail to unpack and fully parse such ZIP files, and suggests its proprietary solution (who woulda thunk?).

“By analyzing every layer recursively, it ensures that no hidden threats are missed, regardless of how deeply they are buried – deeply nested or concealed payloads are revealed for further analysis.”

However, simply being careful with email attachments and not downloading things from unconfirmed sources should keep you secure anyway.

Via BleepingComputer

You might also like

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tacticsHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Read More 

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top
Generated by Feedzy