Zombie ZIP: How Malformed Archives Slip Malware Past Your Security Tools
How Malformed ZIP Headers Cause Antivirus Scanning Failures – Why Layered Security Matters When Archive Scanning Falls Short
A newly disclosed technique lets attackers hide malware inside ZIP files that your antivirus can't scan - and Houston businesses need to pay attention.
Security researcher Christopher Aziz just dropped a finding that should make every Houston business owner rethink how much they trust their antivirus. The CERT Coordination Center published Vulnerability Note VU#976247, documenting a technique where attackers craft ZIP archives with deliberately broken metadata - and the result is that most security scanners simply can't see the malware inside.
The vulnerability is tracked as CVE-2026-0866, and it exposes a fundamental weakness in how antivirus and endpoint detection and response (EDR) tools handle compressed files. We've seen archive-based evasion before - this one echoes techniques dating back to CVE-2004-0935 - but the fact that it still works against modern security products in 2026 is a wake-up call.
Every ZIP file contains internal metadata that tells software how to decompress it. This includes the compression method, version information, and file flags. Your antivirus reads these fields to figure out how to unpack the archive and scan what's inside.
The Zombie ZIP technique works by deliberately corrupting the compression method field in the ZIP header. When a security scanner encounters this tampered metadata, it tries to decompress the archive using the declared method - and fails. The scanner then either flags the file as corrupted (but not malicious) or classifies it as safe because it couldn't find any threats during its failed inspection.
Here's what makes it dangerous:
- The malware is still inside the archive. The corrupted header doesn't destroy the payload - it just hides it from tools that follow the rules.
- Custom loaders ignore the bad metadata. Attackers use specialized extraction tools programmed to skip the tampered compression field and pull the raw data directly.
- Standard tools can't help either. Programs like 7-Zip, unzip, bsdtar, and Python's zipfile module all trust the declared compression method. They fail with CRC errors or "unsupported method" messages when they hit the tampered header.
- The file looks benign or broken - never malicious. That's the core of the evasion. Your security software either waves it through or shrugs it off as a corrupted file.
Think of it like a package with a fake shipping label. The delivery scanner reads the label and can't process it, so it either lets it through or sets it aside as unreadable. But the contents inside are exactly what the sender intended to deliver.
The attack sequence isn't complicated, which is part of what makes it effective. A threat actor builds a ZIP archive containing their malware payload, then modifies specific metadata fields in the archive's internal headers. The compression method field is the primary target, but version information and file flags can also be manipulated.
The attack follows this sequence:
- Archive creation: The attacker packages malicious code (ransomware, a remote access trojan, an info-stealer - whatever they're deploying) into a standard ZIP archive.
- Header manipulation: The compression method field is changed to an incorrect or unsupported value. The actual compressed data inside remains untouched and valid.
- Delivery: The crafted archive reaches the target through phishing emails, malicious downloads, or compromised file-sharing platforms. It passes through email gateways and network security tools that scan attachments.
- Security scan failure: The target's antivirus or EDR attempts to decompress the archive using the declared (but incorrect) compression method. The scanner fails and cannot access the payload for analysis.
- Payload extraction: A custom loader - either delivered separately or already present on the system - ignores the declared compression method and extracts the raw data directly, recovering the malware payload.
- Execution: The extracted malware executes on the target system, fully bypassing the endpoint protection that was supposed to catch it.
The two-step nature of this attack - corrupted archive plus custom loader - means it's most likely to show up in targeted attacks rather than mass-market malware campaigns. That said, we've seen techniques like this get absorbed into commodity malware toolkits within months of disclosure. Gootloader, for example, started using similar malformed ZIP tactics in late 2025 for ransomware delivery.
This Isn't Theoretical - Archive Evasion Is Already in Active Use
Gootloader campaigns linked to the Vanilla Tempest threat actor have been using malformed ZIP archives since late 2025 to deliver Rhysida ransomware. ZIP concatenation attacks were documented throughout 2024. The Zombie ZIP disclosure adds another tool to an already active playbook. If your cybersecurity defenses rely on a single scanning engine to catch archived threats, you have a gap.
The CERT/CC advisory lists Cisco as a confirmed affected vendor. That matters because Cisco security products are widely deployed across Houston's energy, manufacturing, and engineering sectors. But the bigger concern is the vendors whose status is still unknown. Several major security vendors have not yet confirmed whether their scanning engines are vulnerable:
- Avast - status unknown
- Bitdefender - status unknown
- Avira - status unknown
- Baidu - status unknown
- AVG - status unknown
- AhnLab - status unknown
| Vendor | Product Type | Status | Action Required |
|---|---|---|---|
| Cisco | AV / EDR / Network Security | Affected | Monitor for vendor patch |
| Avast | Antivirus / EDR | Unknown | Contact vendor for status |
| Bitdefender | Antivirus / EDR | Unknown | Contact vendor for status |
| Avira | Antivirus | Unknown | Contact vendor for status |
| AhnLab | Antivirus / EDR | Unknown | Contact vendor for status |
| Baidu | Antivirus | Unknown | Contact vendor for status |
| AVG | Antivirus | Unknown | Contact vendor for status |
Vendor status as of publication date (March 10, 2026). Check CERT/CC VU#976247 for the latest updates.
If your business runs any of these products as its primary endpoint protection, you don't currently know whether you're exposed. That's the kind of uncertainty that keeps IT managers up at night.
Businesses most at risk include those that routinely receive ZIP attachments as part of normal operations - construction companies receiving project files, law firms exchanging document bundles, CPA practices getting financial data packages, and oil and gas companies sharing technical datasets.
We see this pattern regularly with Houston-area SMBs. A business relies on one antivirus product, assumes it catches everything, and doesn't find out about a gap until something gets through. In 30 years of working IT, I can count on one hand the number of times a single security layer was enough.
This disclosure doesn't exist in isolation. Archive manipulation has been gaining ground as an evasion strategy throughout 2024 and 2025. The Zombie ZIP technique joins a growing list of methods attackers use to weaponize compressed files:
- ZIP concatenation: Combining multiple ZIP files into a single archive where different extraction tools see different contents. Perception Point documented this in late 2024, showing that 7-Zip, WinRAR, and Windows Explorer each handled concatenated archives differently - meaning a file could appear safe in one tool while hiding an executable visible in another.
- ZIP padding/inflation: Embedding malware inside ZIP archives that decompress to enormous file sizes (2+ GB), exceeding the scanning limits of many EDR products. Gatewatcher's Purple Team documented AsyncRAT delivery using this technique.
- Gootloader's malformed ZIPs: The Gootloader malware family returned in late 2025 using ZIP archives with deliberately truncated End of Central Directory records, randomized non-critical fields, and per-victim hashbusting. Expel's research confirmed these archives defeated many forensic analysis tools while remaining functional on target systems.
- Mark-of-the-Web bypass: CVE-2025-0411 in 7-Zip and CVE-2025-33028 in WinZip both involved stripping Windows security flags during ZIP extraction, letting malicious files execute without the usual security warnings.
The pattern is clear: attackers are finding that the archive scanning layer in most security products is weaker than the file scanning layer. If they can get malware past the archive inspection stage, the payload often has a much better chance of executing. This is why managed IT support that includes layered security monitoring matters more than just having antivirus installed.
You're not going to fix this by buying a different antivirus product. The problem is architectural - too many security stacks treat archive scanning as a single checkpoint rather than a layered process. Here's what actually helps:
- Treat corrupted archives as suspicious, not benign. Configure email gateways and endpoint policies to quarantine or flag any ZIP file that fails decompression rather than silently passing it through. A file your scanner can't read is not a file you should trust.
- Layer your defenses beyond endpoint scanning. Behavioral analysis, network traffic inspection, and application whitelisting all catch threats that slip past archive-level scanning. No single product covers everything.
- Restrict archive handling to known sources. Train your staff to verify unexpected ZIP attachments before opening them, even from known contacts. Phishing emails using compromised accounts are the most common delivery vector for crafted archives.
- Keep all security products updated. Vendors will release patches and detection updates as they confirm their vulnerability status. If your antivirus is two versions behind, you're not getting those fixes.
- Contact your security vendor directly. Ask whether their product is affected by CVE-2026-0866 and VU#976247. If they can't give you a clear answer, that's useful information about their responsiveness.
- Monitor CERT/CC advisories. The vendor status list for this vulnerability is still being updated. New confirmations could drop at any time.
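To make the first bullet concrete, here is an added example (not code from this article or from CinchOps) that reads a ZIP's central directory and local file headers the way the "how it works" section describes, and flags any entry whose declared compression method is undefined or disagrees between the two headers, so a gateway can hold the file instead of treating it as merely corrupted. The set of known method IDs and the quarantine threshold are my assumptions; the sample archive is constructed inside the block.

```python
import io
import struct
import zipfile

# Method IDs mainstream extractors implement (PKWARE APPNOTE); anything else is undefined.
KNOWN_METHODS = {0, 8, 9, 12, 14, 93, 95, 96, 97, 98, 99}
EOCD_SIG, CDIR_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def audit_zip(data: bytes) -> list[str]:
    """Return findings on undefined or inconsistent header metadata; empty means consistent."""
    findings = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):  # truncated EOCD, as in the Gootloader archives
        return ["missing or truncated End of Central Directory record"]
    _, _, _, _, count, _, cd_off, _ = struct.unpack_from("<4sHHHHIIH", data, eocd)
    pos = cd_off
    for _ in range(count):
        if pos + 46 > len(data) or data[pos:pos + 4] != CDIR_SIG:
            return findings + [f"central directory truncated or corrupt at offset {pos}"]
        (_, _, _, _, c_method, _, _, _, _, _, nlen, elen, clen,
         _, _, _, l_off) = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        if c_method not in KNOWN_METHODS:
            findings.append(f"{name}: central directory declares undefined method {c_method}")
        if l_off + 30 > len(data) or data[l_off:l_off + 4] != LOCAL_SIG:
            findings.append(f"{name}: no local file header at offset {l_off}")
        else:  # the method field sits 8 bytes into the local file header
            l_method = struct.unpack_from("<H", data, l_off + 8)[0]
            if l_method not in KNOWN_METHODS:
                findings.append(f"{name}: local header declares undefined method {l_method}")
            elif l_method != c_method:
                findings.append(f"{name}: local method {l_method} != central method {c_method}")
        pos += 46 + nlen + elen + clen  # advance past name, extra field and comment
    return findings

def should_quarantine(data: bytes) -> bool:
    """Gateway policy: an archive the audit cannot vouch for is held, not waved through."""
    return bool(audit_zip(data))

def constructed_sample(tamper: bool) -> bytes:
    """Benign one-file archive (constructed test fixture). With tamper=True the central
    directory's method field is overwritten with an undefined value, as VU#976247 describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.txt", "constructed sample text, not a payload\n" * 4)
    data = bytearray(buf.getvalue())
    if tamper:  # the method field sits 10 bytes into the central directory entry
        struct.pack_into("<H", data, data.rfind(CDIR_SIG) + 10, 0x4242)
    return bytes(data)
```

Wiring `should_quarantine` into an attachment filter turns "scanner could not decompress" from a silent pass into a hold-for-review decision.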
For businesses across Cypress, The Woodlands, and the greater Houston metro, the practical question isn't whether your antivirus can be bypassed - it's whether you have enough other layers to catch what gets through when it is.
CinchOps is a managed IT services provider based in Katy, Texas, serving small and mid-sized businesses across the Houston metro area. CinchOps specializes in cybersecurity, network security, managed IT support, VoIP, and SD-WAN for businesses with 10-200 employees.
The Zombie ZIP disclosure is a textbook example of why single-layer endpoint protection fails. At CinchOps, we build security stacks that don't depend on any one tool catching every threat. When a technique like this surfaces, our clients already have the additional layers in place to detect and block what their antivirus might miss.
- Multi-layered endpoint protection that combines signature-based scanning with behavioral analysis and application control - so a bypassed archive scan doesn't mean a bypassed defense
- Email gateway security configured to quarantine suspicious archives rather than passing them through when decompression fails
- 24/7 network monitoring that catches the follow-on activity (C2 callbacks, lateral movement, data staging) even when the initial delivery evades endpoint tools
- Patch management that keeps every security product current as vendors release fixes for newly disclosed vulnerabilities like CVE-2026-0866
- Security awareness training that teaches your team to recognize suspicious attachments and verify unexpected files before opening them
- Incident response planning so your business knows exactly what to do if something does get through - because eventually, something always does
We learned a long time ago that the businesses that survive cybersecurity incidents aren't the ones with the most expensive tools. They're the ones with the most layers. If you're running a wealth management firm, energy services company, or any other Houston-area SMB, give us a call at 281-269-6506 to talk about where your gaps are.
Sources
- Source article: Malformed ZIP Files Allow Attackers to Bypass Antivirus and EDR Detection - Cyberpress
- CVE-2026-0866 and CERT/CC Vulnerability Note VU#976247 - CERT Coordination Center, reported by Christopher Aziz, authored by Laurie Tyzenhaus
- Cisco confirmed as affected vendor for malformed ZIP archive scanning - GBHackers
- Gootloader malformed ZIP delivery linked to Vanilla Tempest / Rhysida ransomware - CyberInsider / Expel research, January 2026
- ZIP concatenation evasion technique documentation - Perception Point, via Tom's Hardware, November 2024
- AsyncRAT delivery via oversized ZIP padding technique - Gatewatcher Purple Team, August 2025
- CVE-2025-0411 (7-Zip Mark-of-the-Web bypass) and CVE-2025-33028 (WinZip MotW bypass) - CERT advisories
- Original vulnerability similarity to CVE-2004-0935 / VU#968818 - CERT/CC advisory