- Crooks can merge multiple ZIP archives into a single file
- Archiver software rarely reads, or displays, all of the merged archives
- As a result, crooks can sneak malware onto a device
Hackers are using ZIP file concatenation to bypass security solutions and infect their targets with malware through email messages, experts have warned.
A report from cybersecurity researchers Perception Point outline how they recently observed one such campaign while analyzing a phishing attack.
ZIP file concatenation is a type of attack in which multiple ZIP files are merged into one, in order to trick the archiver programs and antivirus solutions.
Mitigating the problem
As Perception Point explains, the crooks would create two (or more) ZIP archives – one completely benign, maybe holding a clean .PDF file, or something similar, and one carrying the malware. Then, they would append the ZIP files into a single file which, while being shown as one file, contains multiple central directories pointing to different sets of file entries.
Different archivers, such as Winzip, WinRaR, 7zip, and others, handle these types of files differently, allowing crooks to move past cybersecurity solutions and infect the target device. 7zip, for example, only reads the first ZIP archive, which could lead to compromise. It could warn the user about additional data, though. WinRaR reads all ZIP structures and will reveal the malware, while Windows File Explorer only displays the second ZIP archive.
In practice, that would mean the crooks would send out the usual phishing email, “warning” the victim of a pending invoice, or an undelivered parcel. The victim would download and run the attachment, and unknowingly get…
Read full post on Tech Radar
Discover more from Technical Master - Gadgets Reviews, Guides and Gaming News
Subscribe to get the latest posts sent to your email.
