A new technique dubbed “Zombie ZIP” conceals payloads in specially crafted compressed files designed to evade detection by security products such as antivirus and endpoint detection and response (EDR) tools.
Trying to extract the files with standard utilities like WinRAR or 7-Zip results in errors or corrupted data. The technique works by manipulating ZIP headers to trick parsing engines into treating compressed data as uncompressed.
Instead of flagging the archive as suspicious, security tools trust the header and scan the still-compressed bytes as if they were the original file sitting in a ZIP container.
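A header-manipulation trick of this kind leaves an archive internally inconsistent: an entry labelled "stored" should have equal compressed and uncompressed sizes, its raw bytes should hash to the declared CRC-32, and its bytes should not inflate into something that matches that CRC. The audit below checks exactly those properties, plus agreement between each local file header and the central directory. It is an added example for this page, not code from the article or from the researchers who described Zombie ZIP; which header fields the real technique edits is not stated here, so the fixture (`build_fixture`, a constructed one-file archive) simply relabels a deflate entry as stored in both headers, and the audit (`audit_zip`) is written to catch any of the inconsistencies such a relabelling can produce.

```python
"""Consistency audit for ZIP entries whose headers claim 'stored' but whose bytes are deflate.
Added example; not the article's or the Zombie ZIP researchers' code. Field layout follows the
published ZIP specification; the fixture's edits are an assumption about the technique."""
import io
import struct
import zipfile
import zlib

LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
STORED, DEFLATED = 0, 8
FLAG_DATA_DESCRIPTOR = 0x0008


def _eocd(data):
    # End-of-central-directory record: we only need the entry count and central directory offset.
    idx = data.rfind(EOCD_SIG)
    if idx < 0:
        raise ValueError("no end-of-central-directory record")
    f = struct.unpack("<4s4H2LH", data[idx:idx + 22])
    return f[4], f[6]  # (total entries, central directory offset)


def _central_entries(data):
    count, pos = _eocd(data)
    for _ in range(count):
        f = struct.unpack("<4s6H3L5H2L", data[pos:pos + 46])
        if f[0] != CENTRAL_SIG:
            raise ValueError("bad central directory signature")
        nlen, xlen, clen = f[10], f[11], f[12]
        yield {"name": data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace"),
               "method": f[4], "crc": f[7], "csize": f[8], "usize": f[9], "offset": f[16]}
        pos += 46 + nlen + xlen + clen


def _local_header(data, offset):
    f = struct.unpack("<4s5H3L2H", data[offset:offset + 30])
    if f[0] != LOCAL_SIG:
        raise ValueError("bad local file header signature")
    return {"flags": f[2], "method": f[3], "crc": f[6], "csize": f[7], "usize": f[8],
            "data_start": offset + 30 + f[9] + f[10]}  # skip filename and extra field


def audit_zip(data):
    """Return 'name: reason' strings; an empty list means every entry is self-consistent."""
    findings = []
    for cd in _central_entries(data):
        name, lh = cd["name"], _local_header(data, cd["offset"])
        if lh["method"] != cd["method"]:
            findings.append(f"{name}: method mismatch local={lh['method']} central={cd['method']}")
        # With a data descriptor the local CRC/sizes are legitimately zero, so compare only otherwise.
        if not lh["flags"] & FLAG_DATA_DESCRIPTOR and \
                (lh["crc"], lh["csize"], lh["usize"]) != (cd["crc"], cd["csize"], cd["usize"]):
            findings.append(f"{name}: crc/size mismatch between local header and central directory")
        raw = data[lh["data_start"]:lh["data_start"] + cd["csize"]]
        if cd["method"] == STORED:
            if cd["csize"] != cd["usize"]:
                findings.append(f"{name}: stored entry but compressed and uncompressed sizes differ")
            if zlib.crc32(raw) != cd["crc"]:
                findings.append(f"{name}: stored entry bytes do not match declared CRC")
            try:  # decisive probe: do the 'uncompressed' bytes inflate to the declared CRC?
                if zlib.crc32(zlib.decompress(raw, -15)) == cd["crc"]:
                    findings.append(f"{name}: stored entry is a raw deflate stream matching the declared CRC")
            except zlib.error:
                pass
        elif cd["method"] == DEFLATED:
            try:
                if zlib.crc32(zlib.decompress(raw, -15)) != cd["crc"]:
                    findings.append(f"{name}: inflated data does not match declared CRC")
            except zlib.error:
                findings.append(f"{name}: deflate entry does not inflate")
        else:
            findings.append(f"{name}: unexpected compression method {cd['method']}")
    return findings


def build_fixture(relabel):
    """Constructed test archive with one deflated text entry. With relabel=True the method field
    in both headers is rewritten to 'stored' while the deflate bytes are left as they are."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", b"constructed sample text, repeated so deflate shrinks it. " * 20)
    data = bytearray(buf.getvalue())
    if relabel:
        _, cd_offset = _eocd(data)
        struct.pack_into("<H", data, 0 + 8, STORED)          # local header: method field at +8
        struct.pack_into("<H", data, cd_offset + 10, STORED)  # central directory: method at +10
    return bytes(data)


if __name__ == "__main__":
    for label, archive in (("clean", build_fixture(False)), ("relabelled", build_fixture(True))):
        print(label, audit_zip(archive) or ["no findings"])
```

The clean fixture produces no findings; the relabelled one is reported three times (size mismatch, CRC mismatch on the raw bytes, and a stored entry that inflates to the declared CRC). The last check is the one worth keeping in a scanner pre-filter, since it is the single property that a compressed-bytes-labelled-as-plaintext entry cannot satisfy. The EOCD search uses a plain `rfind`, which is adequate for this demonstration but should be hardened (bounded comment length, ZIP64 records) before use on untrusted input at scale.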
