Current Cyber Threats

New 'Zombie ZIP' Technique Lets Malware Slip Past Security Tools

Summary:
A new technique dubbed "Zombie ZIP" has been identified that conceals malicious payloads inside specially crafted compressed archive files designed to evade detection by antivirus (AV) and endpoint detection and response (EDR) products.

Tracked as CVE-2026-0866, the weakness stems from how AV and EDR engines process ZIP archive metadata, specifically the compression method field embedded in the ZIP header. The technique works by manipulating ZIP headers to trick parsing engines into treating compressed data as uncompressed. Rather than flagging the archive as potentially dangerous, security tools trust the header and scan the file as if it were a plain, uncompressed copy of the original.

The vulnerability lends itself to staged delivery: the malformed ZIP passes through inspection layers, and a custom loader later ignores the declared compression method and decompresses the concealed content programmatically. The technique therefore does not depend on consumer extraction utilities opening the archive; its target is the security infrastructure that inspects it.

Bombadil Systems researcher Chris Aziz discovered the technique and confirmed it works against 50 of the 51 AV engines tested on VirusTotal. CERT/CC subsequently published Vulnerability Note VU#976247 to raise awareness, noting the issue bears similarity to CVE-2004-0935, a comparable parsing flaw disclosed over two decades ago.

Security Officer Comments:
When a threat actor deliberately alters the compression method field within the ZIP header, the AV scanner relies on the tampered metadata, fails to decompress the archive properly, and treats a DEFLATE-compressed payload as raw, uncompressed bytes, resulting in missed detections.

In effect, the vulnerability is a scanner-evasion primitive. This is consistent with established malware delivery patterns such as ISO smuggling, HTML smuggling, and CAB abuse, where attackers rely on custom loaders rather than consumer extraction tools.

While standard extraction utilities like WinRAR and 7-Zip will throw errors or produce corrupted output when attempting to open these archives, some extraction tools are still able to decompress the ZIP correctly, meaning the risk surface is not entirely confined to security tooling.

Suggested Corrections:
Security vendors should stop relying solely on declared archive metadata to determine content handling. EDR scanners should implement aggressive detection modes that validate actual file content characteristics against the stated compression method, and antivirus systems should flag and quarantine archives with inconsistent or corrupted headers for deeper inspection.
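The consistency check described above (validating the actual bytes against the declared compression method instead of trusting the header) can be sketched as follows. This is an added example, not code from Bombadil Systems or the CERT/CC note; it parses the ZIP central directory with Python's standard library and builds its own constructed test archive, so the entry name and sample text are assumptions.

```python
import io, struct, zipfile, zlib

STORED, DEFLATED = 0, 8  # ZIP compression method codes

def classify(method, raw, crc):
    """Return None if raw matches the declared method and CRC, else a finding string."""
    try:
        d = zlib.decompressobj(-15)  # raw DEFLATE stream, no zlib/gzip framing
        inflated = d.decompress(raw) + d.flush()
        inflates_ok = d.eof and zlib.crc32(inflated) == crc
    except zlib.error:
        inflates_ok = False
    if method == DEFLATED:
        return None if inflates_ok else "declared DEFLATE but bytes do not inflate to the CRC"
    if method != STORED:
        return f"method {method} not verified by this checker"
    if zlib.crc32(raw) == crc:
        return None  # genuinely stored: raw bytes hash to the declared CRC
    if inflates_ok:
        return "declared STORED but bytes are a DEFLATE stream matching the CRC"
    return "declared STORED but CRC does not match the raw bytes"

def check_zip(data):
    """Walk the central directory; return (name, finding) for each inconsistent entry.
    Assumes single disk, no ZIP64, no archive comment, sizes present in the directory."""
    findings = []
    cd_size, pos = struct.unpack_from("<II", data, data.rfind(b"PK\x05\x06") + 12)
    end = pos + cd_size
    while pos < end and data[pos:pos + 4] == b"PK\x01\x02":
        hdr = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)  # 46-byte CD header
        method, crc, csize, nlen, xlen, clen, lh_off = (hdr[i] for i in (4, 7, 8, 10, 11, 12, 16))
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        pos += 46 + nlen + xlen + clen
        start = lh_off + 30 + sum(struct.unpack_from("<HH", data, lh_off + 26))  # 30-byte header + name + extra
        finding = classify(method, data[start:start + csize], crc)
        if finding:
            findings.append((name, finding))
    return findings

def build_sample(tamper):
    """Constructed fixture: one DEFLATE entry; tamper=True relabels it STORED in both headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", b"constructed benign sample text " * 40)
    data = bytearray(buf.getvalue())
    if tamper:
        cd_off = struct.unpack_from("<I", data, data.rfind(b"PK\x05\x06") + 16)[0]
        struct.pack_into("<H", data, 8, STORED)            # local file header, method at +8
        struct.pack_into("<H", data, cd_off + 10, STORED)  # central directory, method at +10
    return bytes(data)
```

A scanner that applied this check would treat a non-empty findings list as the "inconsistent header" signal the corrections above call for and route the archive to deeper inspection rather than scanning the raw bytes as plaintext.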

Organizations should contact their EDR and AV providers to verify whether their current solutions are vulnerable to CVE-2026-0866, and threat-hunting teams should monitor for the presence of custom loaders, as these are required to extract payloads that standard tools cannot open.

At the user level, archive files from unknown contacts should be treated with caution and deleted immediately if decompression attempts return an "unsupported method" error. Users should also avoid downloading "archive repair" utilities from untrusted sources, as these may serve as the custom loaders needed to execute the hidden payload.

Link(s):
https://github.com/bombadil-systems/zombie-zip