PROTHOM(Frozen)zip

💻 Technical Breakdown: How it Works

The technique exploits the way different software reads the ZIP file structure. Every entry in an archive is described twice: once in its Local File Header, which sits directly in front of the entry's data, and once in the Central Directory at the end of the file. Some tools trust one record, others trust the other.

In a "Frozen" (also called "Zombie") ZIP, the compression-method field in the header is altered to claim that the entry is Stored, i.e. uncompressed, while the bytes that follow are still a Deflate-compressed payload. A scanner that trusts the header treats those bytes as the file itself and never inflates them, so whatever the payload actually contains is never inspected.

Behavior                  | Normal ZIP                      | "Frozen" / Zombie ZIP
Compression method field  | Correctly lists Deflate         | Claims Stored (no compression)
Actual data               | Compressed payload              | Compressed payload (does not match the header)
Scanner                   | Unzips and scans the payload    | Skips unzipping; scans only the raw compressed bytes
Effect                    | Malware is detected             | Malware is missed

Many antivirus engines (an estimated ~95% in the initial tests that were reported) trust the header and do not perform a deep scan of the hidden, compressed payload.

Security vendors (Malwarebytes among them) are actively updating their engines to ignore the claimed method and perform "brute-force" decompression of the entry data regardless of what the header says.

Two things limit the technique in practice:

Standard tools like Windows File Explorer, 7-Zip, or WinRAR will usually flag these files as corrupted or malformed, because the two headers disagree and the data does not look like a stored file.

For the malware to work, it typically requires a specialized "loader" that knows to inflate the data despite the header, which makes it harder to trigger by accident.

⚠️ Security Recommendations

If you encounter a file labeled with this tag in a security report, or you download an archive that prompts your OS to say it is "malformed," follow these steps:

Verify the SHA-256 hash of any utility you download against the hash published on the official site (for example 7-Zip.org).

If you'd like to investigate further, I can help you check a specific file hash to see if it is a known threat.
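The header/data mismatch described above, as an added worked example that is not part of the original answer: the script below builds an ordinary Deflate archive with Python's standard library, patches the first Local File Header's method field to Stored (0) while leaving the Central Directory and the deflated bytes alone, and then runs two scanners over it. `naive_scan` models a header-trusting engine that reads a "Stored" entry as-is; `robust_scan` models the "brute-force" approach by comparing the two headers and attempting raw-Deflate inflation of every entry regardless of the claimed method. The payload is a constructed, harmless marker string standing in for malware, and all function names are this example's own.

```python
"""Build a "Frozen"-style ZIP (Local File Header claims Stored, data is really
Deflate) and show a header-trusting scan missing the payload while a
header-agnostic scan catches it."""
import io
import struct
import zipfile
import zlib

STORED, DEFLATED = 0, 8            # ZIP compression method codes
LFH_SIG = b"PK\x03\x04"             # Local File Header signature
CDH_SIG = b"PK\x01\x02"             # Central Directory header signature
EOCD_SIG = b"PK\x05\x06"            # End of Central Directory signature

# Constructed, harmless stand-in for a malicious payload: a string a scanner
# would match on, repeated so that Deflate actually compresses it.
MARKER = b"FROZEN-ZIP-DEMO-MARKER"
PAYLOAD = MARKER * 20


def build_normal_zip(payload, name="payload.bin"):
    """Ordinary archive: both the LFH and the Central Directory say Deflate (8)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def freeze_zip(data):
    """Flip the first entry's Local File Header method to Stored (0).
    The Central Directory and the deflated bytes are untouched, so the two
    headers now disagree about what the entry is."""
    if data[:4] != LFH_SIG:
        raise ValueError("expected a Local File Header at offset 0")
    frozen = bytearray(data)
    struct.pack_into("<H", frozen, 8, STORED)  # LFH: sig(4) ver(2) flags(2) method(2)
    return bytes(frozen)


def parse_entries(data):
    """Return (name, cd_method, lfh_method, raw_bytes) per entry, walking the
    Central Directory first (as an extractor does) and then each entry's LFH."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no End of Central Directory record")
    # EOCD: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_off(4)
    n_total, _cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    entries, p = [], cd_off
    for _ in range(n_total):
        if data[p:p + 4] != CDH_SIG:
            raise ValueError("bad Central Directory header at offset %d" % p)
        cd_method, = struct.unpack_from("<H", data, p + 10)
        comp_size, = struct.unpack_from("<I", data, p + 20)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, p + 28)
        lfh_off, = struct.unpack_from("<I", data, p + 42)
        name = data[p + 46:p + 46 + name_len].decode("utf-8", "replace")
        p += 46 + name_len + extra_len + comment_len

        if data[lfh_off:lfh_off + 4] != LFH_SIG:
            raise ValueError("bad Local File Header for %s" % name)
        lfh_method, = struct.unpack_from("<H", data, lfh_off + 8)
        l_name_len, l_extra_len = struct.unpack_from("<HH", data, lfh_off + 26)
        start = lfh_off + 30 + l_name_len + l_extra_len
        entries.append((name, cd_method, lfh_method, data[start:start + comp_size]))
    return entries


def naive_scan(data, marker):
    """Header-trusting scanner: if the LFH says Stored, scan the bytes as-is."""
    for _name, _cd_method, lfh_method, raw in parse_entries(data):
        content = raw if lfh_method == STORED else zlib.decompress(raw, -15)
        if marker in content:
            return True
    return False


def try_inflate(raw):
    """Brute-force step: attempt raw-Deflate inflation whatever the header says.
    Only accept a stream that inflates cleanly to its end, so genuinely stored
    files are not misreported as hidden payloads."""
    d = zlib.decompressobj(-15)
    try:
        out = d.decompress(raw) + d.flush()
    except zlib.error:
        return None
    return out if d.eof and not d.unused_data else None


def robust_scan(data, marker):
    """Header-agnostic scanner: flag LFH/Central Directory disagreement, and
    scan both the raw bytes and anything they inflate to."""
    report = {"mismatch": False, "hidden_payload": False, "detected": False}
    for _name, cd_method, lfh_method, raw in parse_entries(data):
        inflated = try_inflate(raw)
        report["mismatch"] |= cd_method != lfh_method
        report["hidden_payload"] |= lfh_method == STORED and inflated is not None
        report["detected"] |= any(marker in c for c in (raw, inflated or b""))
    return report


if __name__ == "__main__":
    normal = build_normal_zip(PAYLOAD)
    frozen = freeze_zip(normal)
    print("normal zip, naive scan:", naive_scan(normal, MARKER))
    print("frozen zip, naive scan:", naive_scan(frozen, MARKER))
    print("frozen zip, robust scan:", robust_scan(frozen, MARKER))
```

On the frozen archive `naive_scan` returns False because the marker never appears verbatim inside the Huffman-coded Deflate stream, while `robust_scan` reports `mismatch`, `hidden_payload` and `detected` all True. The `d.eof` check in `try_inflate` is what keeps the brute-force step from flagging ordinary stored files: random bytes almost never form a complete, valid raw-Deflate stream.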