Zombie ZIP can help malware hide inside ZIP files and evade security scans
Zombie ZIP is a newly disclosed archive evasion technique that can let malware pass through some antivirus and EDR checks by tampering with ZIP metadata. The trick makes security engines read the file as harmless stored data even though the payload remains compressed and recoverable with custom tooling. CERT/CC has tracked the issue as CVE-2026-0866.
In plain terms, the attacker builds a ZIP archive that lies about how its contents are stored. Security tools often trust the ZIP header when deciding how to inspect the file. If they treat compressed bytes as if they were already uncompressed, they may scan gibberish instead of the real payload and miss the threat.
This does not mean a victim can simply double-click the archive and instantly run hidden malware. CERT/CC says standard extraction tools often fail with CRC or unsupported method errors, and the concealed payload typically needs a purpose-built loader or another processing step to recover and execute it.
The technique came from security researcher Chris Aziz of Bombadil Systems. In the public proof of concept, Aziz says a normal comparison ZIP was detected by 55 of 67 VirusTotal engines, while the malformed “Zombie ZIP” sample drew just 1 detection out of 66, which points to a major blind spot in current archive scanning logic.
What Zombie ZIP does
| Item | What it means |
|---|---|
| Core trick | The ZIP header says the file is “stored” |
| Actual content | The data is still DEFLATE compressed |
| What scanners may see | Raw compressed noise instead of the real payload |
| What extraction tools may do | Throw CRC or unsupported method errors |
| What attackers can do | Recover the hidden content with a custom loader |
Source: CERT/CC advisory and Bombadil Systems PoC.
Why this matters now
Archive files still play a major role in phishing, malware delivery, and boundary crossing between email gateways, endpoint scanners, and network inspection tools. Zombie ZIP gives attackers another way to disguise payloads inside a familiar file format without inventing a new container type. That makes the technique practical, especially in staged attacks where a second tool handles extraction later.
CERT/CC also notes that this is not a completely new class of weakness. The organization linked CVE-2026-0866 to an older issue from 2004, CVE-2004-0935, which also involved malformed ZIP archives evading antivirus inspection. The new method uses a different mismatch, but it falls into the same broader family of archive parsing failures.
One important detail stands out in the CERT/CC write-up. The advisory says some products may still flag the archive as corrupted, which means this is not a universal bypass. Even so, the bigger concern is that a scanner can report no malware present while a recoverable payload still sits inside the file.
Key points security teams should know
- CERT/CC published the advisory on March 9, 2026.
- The issue is tracked as CVE-2026-0866.
- The public PoC says the method evaded about 98% of tested engines in its VirusTotal comparison.
- Standard tools such as 7-Zip, unzip, bsdtar, and Python’s zipfile may fail to extract the archive correctly.
- The hidden payload can still be recovered programmatically by ignoring the declared ZIP method field.
Vendor and defender response
CERT/CC says antivirus and EDR vendors should stop relying only on declared archive metadata and should validate compression fields against actual content characteristics. The advisory also urges stronger inspection modes that look for inconsistencies inside archive structure rather than accepting headers at face value.
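The check CERT/CC is asking for, validating the declared compression method against the bytes themselves, can be shown concretely. The following is an added example, not code from the advisory or the PoC: it walks ZIP local file headers the way a streaming scanner would, and for any entry declaring method 0 (stored) verifies that the declared CRC-32 actually covers the raw bytes and that those bytes are not a raw DEFLATE stream inflating to the declared size and CRC. The fixture builder is constructed for testing only; function names and the `sample.txt` entry name are assumptions.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
STORED = 0  # ZIP compression method value for "stored" (uncompressed) entries

def iter_local_entries(data: bytes):
    """Walk local file headers front to back, as a streaming scanner would.
    Entries that defer sizes to a data descriptor (flag bit 3) are out of scope."""
    pos = 0
    while data.startswith(LOCAL_SIG, pos):
        _, _, _, method, _, _, crc, csize, usize, nlen, xlen = struct.unpack_from("<4sHHHHHIIIHH", data, pos)
        start = pos + 30 + nlen + xlen
        yield {"name": data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace"),
               "method": method, "crc": crc, "usize": usize,
               "data": data[start:start + csize]}
        pos = start + csize

def check_entry(entry: dict) -> list:
    """Cross-check a "stored" entry's declared CRC/size against what its bytes actually are."""
    findings, raw = [], entry["data"]
    if entry["method"] != STORED:
        return findings  # other methods are verified by normal decompression, not shown here
    if zlib.crc32(raw) != entry["crc"]:  # a genuinely stored entry's CRC covers the raw bytes
        findings.append("stored entry: CRC does not match the raw bytes")
    # Raw bytes that inflate (raw DEFLATE, as framed inside ZIP) to exactly the declared
    # size and CRC mean the method field is lying and the payload is still compressed.
    try:
        inflated = zlib.decompress(raw, -15)
    except zlib.error:
        inflated = None
    if inflated is not None and len(inflated) == entry["usize"] and zlib.crc32(inflated) == entry["crc"]:
        findings.append("stored entry: bytes are a DEFLATE stream matching the declared CRC/size")
    return findings

def scan_archive(data: bytes) -> list:
    """Return (name, findings) for every entry whose metadata contradicts its content."""
    return [(e["name"], f) for e in iter_local_entries(data) if (f := check_entry(e))]

def build_fixture(payload: bytes, lie: bool) -> bytes:
    """Constructed fixture: a one-entry ZIP from the standard library. With lie=True the first
    local header's method field (offset 8) is rewritten from 8 (deflate) to 0 (stored)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", payload)
    data = bytearray(buf.getvalue())
    if lie:
        struct.pack_into("<H", data, 8, STORED)
    return bytes(data)
```

A scanner that gets the second finding should inspect the inflated bytes rather than the raw ones; a central-directory check of the same field would catch an archive that lies in only one of the two headers.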
CERT/CC’s vendor table does not yet show broad public responses from major security firms, but it does include one confirmed statement from Cisco regarding ClamAV. Cisco said ClamAV is unable to scan this type of malformed ZIP file, but described it as a hardening issue rather than a vulnerability and said the finding will be considered for future releases.
That response matters because it frames the likely next phase of this story. Security vendors may not all treat Zombie ZIP as a classic software flaw that needs an urgent patch, but they may still need parser changes, heuristics, or stricter archive validation to close the gap.
What admins and users should do
- Treat ZIP files from unknown or unexpected sources with extra caution.
- Investigate archives that fail with unsupported method or CRC errors instead of dismissing them as harmless corruption.
- Ask your AV or EDR vendor whether their archive scanner checks ZIP metadata against actual compressed content.
- Review email gateway and sandbox behavior for malformed archives. This is an inference by this article: layered scanning matters because the technique targets parser assumptions across security boundaries.
- Monitor for custom loaders or scripts that programmatically decompress ZIP data outside standard utilities. This is an inference based on the published PoC and CERT/CC’s description of payload recovery.
FAQ
What is Zombie ZIP?
It is a ZIP archive evasion method that falsifies header information so some security tools scan compressed bytes incorrectly and miss the real payload.
Does Zombie ZIP bypass every security product?
No. The public PoC showed very high evasion rates, but CERT/CC says some products may still flag the archive as corrupted, and vendor responses are still limited.
Can a victim run the hidden payload just by extracting the archive?
Usually not in the demonstrated method. Standard tools often fail with errors, while a custom loader that ignores the ZIP method field can recover the payload.
Is this an entirely new kind of weakness?
It is a new technique, but CERT/CC says it is similar to older malformed ZIP archive issues, including CVE-2004-0935 from 2004.