ZIP, RAR Have Surpassed Office Files as Most-Used Malware Containers
We all, hopefully, learned long ago not to open suspicious Microsoft Office files, which have long been one of the most common vectors for malware infection. According to a new report, there’s a new public enemy number one when it comes to cybersecurity: ZIP and RAR archives. Data from HP Wolf Security shows that encrypted file archives have become the most common way of distributing malware, and your antivirus scanner may be of little help.
According to HP’s threat analysis group, ZIP and RAR archives accounted for 42 percent of malware attacks between July and September this year. This method jumped 11 percent over the course of 2022, spurred on by more advanced methods of social engineering (phishing) and HTML fakery. That makes malicious archives more common than viruses distributed via Microsoft Word and Excel files, which have been the most popular method for three years running.
Sending out malware as archives can make it harder for even savvy internet users to stay safe. HP Wolf Security, explains that these archives can obscure the dangerous payload from scanners because they cannot see inside the encrypted containers. These ZIP and RAR files are often paired with a phony HTML file that masquerades as a PDF. When run, they produce a fake web document viewer which has the user input a password. However, that password actually decrypts the archive file, exposing the system to malware. HP’s threat group says the malware authors spent a great deal of effort making the fake HTML pages look as legitimate as possible.
The well-known Qakbot malware has adopted this method, which could have something to do with the uptick in usage. It usually shows up in emails that pretend to be from large brands and online service providers. If the user mistakenly decrypts the archive, it downloads malware in the form of a dynamic link library that can be launched with native Windows features. Qakbot can steal data or pave the way for ransomware. A similar package known as IcedID adopted an almost identical distribution mechanism in late 2022, but this one loads human-operated ransomware that helps cyber criminals target the most important files and systems on a network. The team also spotted the Magniber ransomware using this method, having apparently abandoned its reliance on easy-to-spot MSI and EXE files.
Because malware scanners can’t detect the dangerous contents of these archives before they are loaded, users are warned to remain vigilant. If you get an attachment from an unexpected source, it’s probably best not to open it.
Continue reading
SpaceX Starship Performs Amazing Flip Maneuver, Explodes on Hard Landing
The launch itself went off without a hitch, sending the vessel up to 41,000 feet. That's a major milestone for the Starship, but the landing… well, that was more of a crash. SpaceX is still calling this one a win, though.
The Best Outdoor Tech for Socializing in Cold Weather
Now that winter is upon most of us, and we're still trying to socialize outside, it's worth taking a look at some of the tech that can help make the experience more comfortable and successful.
The Aurora 7 Is an Amazing 26-Pound Laptop With 7 Displays, Zero Purpose
The Expanscape Aurora 7 is the 26-pound, 28-minute, seven-paneled laptop of your dreams.
NASA’s Super-Fast Solar Probe Returns Amazing Image of Venus
According to NASA, Parker spotted a previously unseen glow that could be a product of oxygen in the inhospitable planet's atmosphere. The unexpected clarity of surface features also has scientists reassessing how sensitive Parker's cameras are.