ZIP, RAR Have Surpassed Office Files as Most-Used Malware Containers

We all, hopefully, learned long ago not to open suspicious Microsoft Office files, which have long been one of the most common vectors for malware infection. According to a new report, there’s a new public enemy number one when it comes to cybersecurity: ZIP and RAR archives. Data from HP Wolf Security shows that encrypted file archives have become the most common way of distributing malware, and your antivirus scanner may be of little help.
According to HP’s threat analysis group, ZIP and RAR archives accounted for 42 percent of malware attacks between July and September this year. This method jumped 11 percent over the course of 2022, spurred on by more advanced methods of social engineering (phishing) and HTML fakery. That makes malicious archives more common than viruses distributed via Microsoft Word and Excel files, which have been the most popular method for three years running.
Sending out malware as archives can make it harder for even savvy internet users to stay safe. HP Wolf Security explains that these archives can hide the dangerous payload from scanners, which cannot see inside encrypted containers. The ZIP and RAR files are often paired with a phony HTML file that masquerades as a PDF. When opened, the HTML file displays a fake web document viewer that asks the user for a password. That password actually decrypts the archive, exposing the system to the malware inside. HP’s threat group says the malware authors spent a great deal of effort making the fake HTML pages look as legitimate as possible.

The well-known Qakbot malware has adopted this method, which could have something to do with the uptick in usage. It usually shows up in emails that pretend to be from large brands and online service providers. If the user mistakenly decrypts the archive, it drops malware in the form of a dynamic link library that can be launched with native Windows features. Qakbot can steal data or pave the way for ransomware. A similar package known as IcedID adopted an almost identical distribution mechanism in late 2022, but this one loads human-operated ransomware that helps cybercriminals target the most important files and systems on a network. The team also spotted the Magniber ransomware using this method, having apparently abandoned its reliance on easy-to-spot MSI and EXE files.
Because malware scanners can’t detect the dangerous contents of these archives before they are loaded, users are warned to remain vigilant. If you get an attachment from an unexpected source, it’s probably best not to open it.
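A defender-side triage check for the pattern described above, added here as an example and not code from the article or from HP Wolf Security: it walks a ZIP's local file headers and reads the encryption flag (general-purpose bit 0), which a mail gateway can see even though it cannot decrypt the contents, and flags a message that pairs such an archive with an HTML attachment. The attachment list and the minimal header-only ZIP it parses are constructed for illustration.

```python
import struct
import zlib

# Local file header: sig, version needed, flags, method, mtime, mdate, crc32,
# compressed size, uncompressed size, name length, extra length.
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")
LOCAL_SIG = 0x04034B50
FLAG_ENCRYPTED = 0x0001  # general-purpose bit 0: entry data is encrypted
FLAG_DATA_DESC = 0x0008  # bit 3: sizes follow the data, so the walk must stop

def iter_local_headers(data: bytes):
    """Walk local file headers in order, without trusting the central directory."""
    off = 0
    while off + LOCAL_HEADER.size <= len(data):
        f = LOCAL_HEADER.unpack_from(data, off)
        if f[0] != LOCAL_SIG:
            break
        flags, csize, name_len, extra_len = f[2], f[7], f[9], f[10]
        start = off + LOCAL_HEADER.size
        name = data[start:start + name_len].decode("utf-8", "replace")
        yield name, bool(flags & FLAG_ENCRYPTED)
        if flags & FLAG_DATA_DESC:
            break  # streamed entry: csize here is zero, stop rather than misparse
        off = start + name_len + extra_len + csize

def encrypted_entries(data: bytes):
    return [name for name, enc in iter_local_headers(data) if enc]

def triage(attachments):
    """attachments: list of (filename, bytes) from one mail. Returns findings."""
    findings = []
    html = [n for n, _ in attachments if n.lower().endswith((".html", ".htm"))]
    for name, blob in attachments:
        if not blob.startswith(b"PK\x03\x04"):
            continue  # not a ZIP, whatever the extension claims
        enc = encrypted_entries(blob)
        if not enc:
            continue
        findings.append(f"{name}: encrypted entries {enc}; content scanning is blind")
        if html:
            findings.append(f"{name}: paired with HTML attachment {html}; archive-plus-viewer lure")
    return findings

def build_sample_zip(name: bytes, payload: bytes, encrypted: bool) -> bytes:
    """Constructed test data: one stored entry, local header plus data only."""
    flags = FLAG_ENCRYPTED if encrypted else 0
    hdr = LOCAL_HEADER.pack(LOCAL_SIG, 20, flags, 0, 0, 0, zlib.crc32(payload),
                            len(payload), len(payload), len(name), 0)
    return hdr + name + payload
```

RAR archives carry their encryption marker in a different header layout, so this check covers ZIP only; a gateway rule would add the RAR case alongside it.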