Hackers are targeting Windows machines using a ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them.
The technique exploits the different methods ZIP parsers and archive managers handle concatenated ZIP files.
This new trend was spotted by Perception Point, who discovered a a concatentated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice.
The researchers found that the attachment was disguised as a RAR archive and the malware leveraged the AutoIt scripting language to automate malicious tasks.
https://www.bleepingcomputer.com/news/security/hackers-now-use-zip-file-concatenation-to-evade-detection/
Chuck Darwin /
npub19n…xt4wf
2024-11-10 21:23:56
Author Public Key
npub19ncnrqv5jlr30yecrmz2q8vkazglh6gemx8qsmcd78hh5pdstnysrxt4wfSeen on
wss://relay.nostr.bandPublished at
2024-11-10 21:23:56Event JSON
{
"id": "24b9140cbaaf3a36b5b0fb2bbcfe700705872d210870a0474c868a6df95ebd48",
"pubkey": "2cf131819497c71793381ec4a01d96e891fbe919d98e086f0df1ef7a05b05cc9",
"created_at": 1731273836,
"kind": 1,
"tags": [
[
"proxy",
"https://c.im/users/cdarwin/statuses/113460762151647781",
"activitypub"
]
],
"content": "Hackers are targeting Windows machines using a ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them.\n\nThe technique exploits the different methods ZIP parsers and archive managers handle concatenated ZIP files.\n\nThis new trend was spotted by Perception Point, who discovered a a concatentated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice.\n\nThe researchers found that the attachment was disguised as a RAR archive and the malware leveraged the AutoIt scripting language to automate malicious tasks.\nhttps://www.bleepingcomputer.com/news/security/hackers-now-use-zip-file-concatenation-to-evade-detection/",
"sig": "9917946b1ae3cd259a44e020c77e049124154f6b06a901810f9bb3f200ce0d84f0b1cc721719de43db19c352cfac89d60e67686fbfaaf85ecc8f36bff24d820c"
}