{"id":205791,"date":"2025-02-07T03:11:57","date_gmt":"2025-02-07T09:11:57","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/02\/7-zip-motw-bypass-exploited-in-zero-day-attacks-against-ukraine"},"modified":"2025-02-07T03:11:57","modified_gmt":"2025-02-07T09:11:57","slug":"7-zip-motw-bypass-exploited-in-zero-day-attacks-against-ukraine","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/02\/7-zip-motw-bypass-exploited-in-zero-day-attacks-against-ukraine","title":{"rendered":"7-Zip MotW bypass exploited in zero-day attacks against Ukraine"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/7-zip-motw-bypass-exploited-in-zero-day-attacks-against-ukraine.jpg\"><\/a><\/p>\n<p>A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024.<\/p>\n<p>According to Trend Micro researchers, the flaw was used in SmokeLoader malware campaigns targeting the Ukrainian government and private organizations in the country.<\/p>\n<p>The Mark of the Web is a Windows security feature designed to warn users that the file they\u2019re about to execute comes from untrusted sources, requesting a confirmation step via an additional prompt. Bypassing MotW allows malicious files to run on the victim\u2019s machine without a warning.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. According to Trend Micro researchers, the flaw was used in SmokeLoader malware campaigns targeting the Ukrainian government and private organizations in the country. 
The Mark of the Web [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1490,418],"tags":[],"class_list":["post-205791","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-government","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/205791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=205791"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/205791\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=205791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=205791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=205791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}