Beware of New Hacker Trick: Concealing Malware in Corrupted ZIP Files
Computer users need to be more cautious when opening ZIP files downloaded from the internet. Recently, cybersecurity researchers discovered a new hacker attack technique called “Zombie ZIP”.
What is Zombie ZIP? This is a technique that allows malicious software (malware) to hide within a ZIP file without being detected by many antivirus programmes.
A ZIP file is an archive format used to compress one or more files or folders into a single, smaller package, making storage and data transfer easier. The file extension typically ends with .zip, which is natively supported by Windows, macOS, and other systems.
Unlike conventional malware distribution methods, Zombie ZIP makes the archive file appear corrupted or seem to contain random data, so many antivirus programmes do not recognise it as a threat. As a result, malware can infiltrate a victim’s system undetected.
Several popular security products, including Microsoft Defender, Bitdefender, and Kaspersky, were reportedly not immediately flagging such files as malicious software.
To understand how this technique works, we need to examine how ZIP files are structured.
Each entry within a ZIP file begins with a section called the header. This section contains important information about the archive contents, such as the compression method used and how software should extract the files within it.
In the Zombie ZIP technique, this header section is deliberately manipulated. The file is created as if it uses a specific compression method, when in fact the data within it is compressed using a different method.
When an antivirus programme scans the file, it reads only the information in the header. Because the data does not decode as the header claims, it appears to be a collection of random bytes, and the antivirus treats the file as ordinary, harmless data.
Hidden behind that apparently corrupt archive, however, is the programme or malware payload.
Zombie ZIP files typically cannot be opened with common archive applications such as 7-Zip or WinRAR because they are treated as corrupted archives.
However, hackers are reported to be able to include a small specialised programme that can read the actual data structure and extract the malware from the archive.
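The header-versus-data mismatch described above is something a scanner can check for directly. As an added example that is not part of the original article, the Python script below walks each entry of a ZIP, reads the compression method its local header declares, and tests whether the entry's bytes verify against the archive's own CRC under that method or under a different one; the sample archive it builds, with the method field rewritten to "stored" over deflated data, is constructed for the demonstration.

```python
import io
import struct
import zipfile
import zlib

# Decoders for the two compression methods this check understands:
# 0 = stored (no compression), 8 = deflate. Assumption: a production
# scanner would add the other methods ZIP allows (bzip2, lzma, ...).
DECODERS = {
    0: lambda raw: raw,
    8: lambda raw: zlib.decompressobj(-15).decompress(raw),
}

def _decodes_to_crc(raw: bytes, method: int, crc: int) -> bool:
    """True if `raw` decodes with `method` and matches the CRC the archive claims."""
    try:
        return zlib.crc32(DECODERS[method](raw)) == crc
    except (KeyError, zlib.error):
        return False

def audit_zip(data: bytes) -> list:
    """Compare each entry's declared compression method with the one that really fits its bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Local file header: 30 fixed bytes (method at offset 8), then name and extra field.
            zf.fp.seek(info.header_offset)
            fields = struct.unpack('<IHHHHHIIIHH', zf.fp.read(30))
            declared, name_len, extra_len = fields[3], fields[9], fields[10]
            zf.fp.seek(info.header_offset + 30 + name_len + extra_len)
            raw = zf.fp.read(info.compress_size)
            # The method whose output matches the CRC is what the data really is; None = nothing fits.
            actual = next((m for m in DECODERS if _decodes_to_crc(raw, m, info.CRC)), None)
            findings.append({'name': info.filename, 'declared': declared,
                             'actual': actual, 'suspicious': actual != declared})
    return findings

def build_sample(forge_method: bool) -> bytes:
    """Constructed sample: a one-entry deflated ZIP; optionally its method fields are
    rewritten to 'stored' while the deflated bytes stay, the mismatch the article describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w', zipfile.ZIP_DEFLATED) as zf:
        zf.writestr('payload.bin', b'A' * 2000)  # constructed, highly compressible content
    data = bytearray(buf.getvalue())
    if forge_method:
        data[8:10] = struct.pack('<H', 0)              # local header method field
        cd = data.find(b'PK\x01\x02')                  # central directory header
        data[cd + 10:cd + 12] = struct.pack('<H', 0)   # its method field
    return bytes(data)
```

Running `audit_zip(build_sample(True))` reports the entry as declared method 0 but actually method 8 and marks it suspicious, while the untouched archive comes back clean; an entry where no known method fits (`actual` is `None`) also deserves a closer look.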