A cybersecurity company, Perception Point, recently uncovered this technique while analyzing a phishing attack. Hackers sent phishing emails disguised as fake shipping notifications with an attached ZIP file. When the ZIP file was opened, the hidden malware activated, executing malicious operations on the victim’s device.

How This ZIP File Technique Works

Unlike conventional ZIP files, these malicious archives employ a unique structure. Hackers create several smaller ZIP files, one of which contains the malware, while the others house seemingly harmless data. These smaller ZIP files are then combined into a single archive. While the file appears ordinary to the naked eye, its layered structure confuses many security tools, allowing the malware to evade detection.

Hackers exploit the limitations of various unzipping tools to make this method effective. For example:

• 7-Zip analyzes only the first ZIP file, often failing to detect hidden malware.
• WinRAR, on the other hand, fully extracts all files, improving malware detection capabilities.
• Windows File Explorer does not always accurately extract complex ZIP structures, giving hackers an opportunity to disguise malware.

Tips to Stay Protected

To defend against this type of malware attack, follow these precautions:

1. Use Advanced Security Software: Opt for tools capable of analyzing every layer of a ZIP archive. This increases the chances of detecting concealed malware.
2. Be Vigilant with Emails: Avoid opening suspicious emails or attachments, especially ZIP files, without verifying their authenticity.
3. Filter File Formats: Implement file format filtering in your security settings to block suspicious archive files from entering your system.

With hackers constantly evolving their tactics, staying informed and adopting robust security measures is essential to ensure data safety and prevent breaches.

Source: BleepingComputer.com