Why Cybercriminals Use RAR and ZIP Compressed Files to Transport Malware

Last December, HP Wolf Security published its third quarterly Cyber Threat Intelligence Report, which found that 44% of malware was delivered inside ZIP and RAR archive files during the quarter it covers, the third quarter of 2022.

That made archives, for the first time in three years, a more common carrier than Office documents such as Microsoft Word, PowerPoint and Excel files, which accounted for 32% of the total.

So what explains this rise in the use of ZIP and RAR? For Jorge Villanueva Bardales, Brigadier General of the Army and founding member of the Association for Technological Innovation and Digital Transformation (APITEC), it comes down to the fact that “file compression allows you to evade proxy-type solutions, evade security solutions (…) some antivirus products do not even allow files to be checked while they are compressed.”


In other words, cybercriminals favour this type of file mainly because of the difficulty security systems have in inspecting it. In practice the evasion is strongest when the archive is password-protected: a scanner can unpack an ordinary ZIP, but an encrypted entry exposes only its name, size and checksum, not its contents. Villanueva adds that “the degree of compression allows the malware code to be larger.”

Under these conditions, attackers have this time chosen to distribute their malware in compressed form.


But how do cybercriminals get malware into an archive? What are the consequences for the user? How can a malicious file be recognised, and what can be done to avoid falling into such traps?

Each of these questions is answered below.


How do cybercriminals infect compressed files with malware?

According to HP's study, the cybercriminals behind the current campaign have combined compressed files with HTML smuggling techniques.

This technique “consists of hiding a malicious script in an HTML attachment, or in a web page specially designed for this purpose”, Villanueva explains.

Once the archive is extracted and its contents executed, the malware establishes connections to fraudulent sites.


The main threats delivered this way are malware families such as Emotet, IcedID, QakBot and Bumblebee, the specialist says.

As for the delivery channel, cybercriminals mainly send these files by email. They also use social networks, fraudulent software download sites and other channels.

To understand the modus operandi, consider the case described in HP's study: the QakBot and IcedID campaigns used HTML files to lead the user to fake online document viewers posing as Adobe. The user was asked to open the ZIP file and enter a password in order to unzip it. That encryption is what keeps gateway scanners from opening the archive, while the user, who has been given the password, can; once the user extracted and ran its contents, the malware installed on the device without any hindrance.
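The two mechanisms described above, HTML smuggling and a password-protected archive that the gateway cannot open, as an added worked example. This is not code from the article, from HP Wolf Security or from the interviewee: it builds a constructed lure page that carries a ZIP as base64 text and rebuilds it in the browser, then runs the check a mail gateway could still apply to the attachment, pulling the base64 archive out of the HTML and walking its local file headers. The archive contents, file names, the password and the opaque bytes standing in for the encrypted entry's data are all constructed for the demonstration; the scanner itself works on ordinary archives too, which the last function shows.

```python
# Added example (not code from the article, HP Wolf Security or the
# interviewee): a constructed HTML-smuggling lure carrying a
# password-protected ZIP, and the check a mail gateway can still run on it.
import base64
import io
import re
import struct
import zipfile
import zlib

LOCAL_HDR = "<IHHHHHIIIHH"     # PKZIP local file header layout, 30 bytes
LOCAL_SIG = 0x04034B50          # "PK\x03\x04"
FLAG_ENCRYPTED = 0x0001         # general-purpose bit 0: entry is encrypted
FLAG_DESCRIPTOR = 0x0008        # bit 3: sizes deferred to a data descriptor


def local_entry(name, data, encrypted=False):
    """Build one STORED (uncompressed) local file entry.

    With encrypted=True the flag bit is set and `data` stands in for
    ZipCrypto output; it is constructed filler, not real cipher text.
    """
    fname = name.encode()
    hdr = struct.pack(LOCAL_HDR, LOCAL_SIG, 20,
                      FLAG_ENCRYPTED if encrypted else 0,
                      0,                     # method 0 = stored
                      0, 0,                  # DOS mod time / date
                      zlib.crc32(data), len(data), len(data), len(fname), 0)
    return hdr + fname + data


def smuggling_page(archive, filename):
    """Constructed lure. The archive travels as base64 text inside the HTML
    and the browser rebuilds it client-side with a Blob, so no .zip crosses
    the proxy as a file; the password is shown to the victim in plain text."""
    b64 = base64.b64encode(archive).decode()
    return f"""<html><body><p>Your document is ready. Archive password: 1234</p>
<script>
var s = atob("{b64}"), a = new Uint8Array(s.length);
for (var i = 0; i < s.length; i++) a[i] = s.charCodeAt(i);
var u = URL.createObjectURL(new Blob([a], {{type: "application/zip"}}));
var l = document.createElement("a"); l.href = u; l.download = "{filename}"; l.click();
</script></body></html>"""


B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def find_smuggled_archives(html):
    """Gateway-side check: decode every long base64 run in an HTML attachment
    and keep the ones that start with the ZIP local-header signature."""
    found = []
    for m in B64_RUN.finditer(html):
        try:
            data = base64.b64decode(m.group(0), validate=True)
        except ValueError:              # binascii.Error is a ValueError
            continue
        if data.startswith(b"PK\x03\x04"):
            found.append(data)
    return found


def inspect_zip(blob):
    """Walk the local headers (what a streaming scanner sees) and report,
    per entry, what is visible without the password: names, sizes and the
    CRC are always there; content only when the entry is not encrypted."""
    entries, off = [], 0
    while blob[off:off + 4] == b"PK\x03\x04":
        (_, _, flags, method, _, _, _, csize, _usize,
         nlen, xlen) = struct.unpack(LOCAL_HDR, blob[off:off + 30])
        name = blob[off + 30:off + 30 + nlen].decode("utf-8", "replace")
        start = off + 30 + nlen + xlen
        entry = {"name": name, "method": method, "compressed_size": csize,
                 "encrypted": bool(flags & FLAG_ENCRYPTED), "inspectable": False}
        if flags & FLAG_DESCRIPTOR and csize == 0:
            entry["note"] = "sizes deferred to data descriptor"
            entries.append(entry)
            break                       # cannot locate the next header
        raw = blob[start:start + csize]
        if not entry["encrypted"]:
            if method == 0:             # stored
                content = raw
            elif method == 8:           # raw deflate
                content = zlib.decompress(raw, -15)
            else:
                content = None
            if content is not None:
                entry["inspectable"] = True
                entry["magic"] = content[:2]   # e.g. b"MZ" for a PE file
        entries.append(entry)
        off = start + csize
    return entries


def demo():
    """Lure with a readable readme and an encrypted executable; returns what
    the gateway can learn from each smuggled archive it finds."""
    archive = (local_entry("readme.txt", b"Open Invoice_2022.exe after extracting.")
               + local_entry("Invoice_2022.exe", bytes(range(0x80, 0xB0)), encrypted=True))
    html = smuggling_page(archive, "Invoice.zip").encode()
    return [inspect_zip(a) for a in find_smuggled_archives(html)]


def real_archive_check():
    """Same scanner on an ordinary archive written by the zipfile module."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", b"plain text, deflated " * 20)
    return inspect_zip(buf.getvalue())


if __name__ == "__main__":
    for entries in demo():
        for e in entries:
            print(e)
```

Running `demo()` shows the asymmetry the report relies on: the readme entry is fully inspectable and its first bytes can be checked, while the `.exe` entry reports only its name, size and encryption flag. A gateway can therefore still act on metadata (an encrypted archive containing an executable, delivered by HTML that rebuilds it client-side) even though it cannot scan the payload, which is exactly the content-inspection gap the interviewee describes.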

Cybercriminals send the files packed with malware through emails. (Photo: File)

What consequences does a user face if he was infected by malware?

“It all depends on the type of malware that has been inserted and the intention of the attacker; it can range from mere intrusive adverts to the encryption of information, data theft or cyber espionage”, Villanueva responds.

As to whether a malicious file can be recognised, he considers it impossible to tell without “some licensed security tool and a security culture”.

What does exist are “indicators that warn of the presence of malware on a computer”, such as those indicated below:

The lecturer on the master's programme in Cybersecurity and Cyberdefense at CAEN clarifies that, even when none of these indicators are observed on the computer, you can still be infected without knowing it.

Jorge Villanueva Bardales, Brigadier General of the Army and founding member of the Association for Technological Innovation and Digital Transformation (APITEC). (Photo: Diffusion)

How do I avoid falling into the malware trap?

“The first rule is always to be wary and use common sense; when in doubt, or at the slightest suspicion, do not interact with suspicious messages; you have to report them”, the expert advises.

“And the second rule is to use security software such as antivirus or other endpoint tools and, above all, keep them updated.” This last point also applies to “the operating system and all the software used”, because it is generally through application updates that the “security holes” an attacker could exploit get patched.


Finally, Villanueva stresses that the tools must be accompanied by a culture of cybersecurity in which you are rigorous about certain actions, such as “don't click on every file indiscriminately; check (the file) with one of the available scanning tools; check its origin, the user, the IP. Likewise, do not visit pages or addresses that contain malware, among other things”, he points out.

Source: Elcomercio
