Researcher discovers severe antivirus blind spot: corrupted ZIP files evade nearly all scanners

By changing a single byte, attackers can hide malware inside what looks like a corrupted ZIP file, dubbed Zombie Zip. A security researcher demonstrated this by fooling Windows Defender and most other antivirus software, with 65 of 66 security solutions failing to detect the malware.
More than 20 years have passed since the first vulnerability of this type was discovered, yet hackers can still tamper with ZIP headers and bypass antivirus and endpoint protection.
Christopher Aziz, a security researcher and founder of Bombadil Systems, demonstrated that by changing a single byte in a ZIP archive, he can make antivirus (AV) software “go blind.”
A ZIP header is structured metadata that tells archiving utilities how to accurately extract or repair files, including the compression method, flags, and version information.
If a hacker adds malware to a ZIP archive and then changes the “method” field to falsely claim that the data is uncompressed (stored), most AVs take the field at face value and skip decompression.
What they then scan, instead of the actual contents, is the still-compressed data, which looks like random noise and contains no recognizable malware. The ZIP archive simply appears corrupted.
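The header check described above can be turned into a scanner-side consistency test. The following is an added example, not code from Aziz's proof of concept, CERT/CC or Cybernews: it builds a benign in-memory archive (constructed test data), rewrites the compression-method field from DEFLATE to STORED the way the article describes, and shows that a scanner which cross-checks the declared CRC-32 and size against the raw bytes, and against a raw-DEFLATE inflation of them, flags the inconsistency that a metadata-trusting scanner misses. It also shows the point made further down, that Python's zipfile refuses to extract such an archive. Function names and verdict labels are the example's own.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"      # local file header signature
CENTRAL_SIG = b"PK\x01\x02"    # central directory header signature
STORED, DEFLATED = 0, 8        # ZIP compression-method field values


def build_sample_zip(tampered: bool) -> bytes:
    """Return a small in-memory archive with one benign text member (constructed test data).

    With tampered=True the compression-method field is rewritten from DEFLATED (8)
    to STORED (0) while the member bytes stay deflate-compressed, the mismatch the
    article describes. Both the local header copy (offset 8) and the central
    directory copy (offset 10) are changed so the archive is self-consistent.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "benign test payload " * 50)
    data = bytearray(buf.getvalue())
    if tampered:
        lh = data.find(LOCAL_SIG)
        data[lh + 8:lh + 10] = struct.pack("<H", STORED)
        cd = data.rfind(CENTRAL_SIG)
        data[cd + 10:cd + 12] = struct.pack("<H", STORED)
    return bytes(data)


def try_raw_inflate(blob: bytes):
    """Inflate raw DEFLATE (no zlib header, wbits=-15); return None if the stream is invalid."""
    try:
        d = zlib.decompressobj(-15)
        return d.decompress(blob) + d.flush()
    except zlib.error:
        return None


def scan_local_headers(zip_bytes: bytes) -> list:
    """Walk the local file headers and cross-check the method field against the data.

    A metadata-trusting scanner stops at the method field. This check instead verifies
    the declared CRC-32 and uncompressed size against the bytes and, when the header
    claims STORED but the bytes do not match, against a raw-DEFLATE inflation of them.
    Verdict labels (chosen for this example):
      stored-ok    declared STORED and the raw bytes match CRC-32/size
      deflated-ok  declared DEFLATE and the inflated bytes match CRC-32/size
      method-lie   declared STORED, raw bytes fail, inflated bytes match (Zombie ZIP pattern)
      corrupt      no interpretation matches the declared CRC-32/size
    Members using a data descriptor (flag bit 3) carry CRC/sizes after the data and are
    only reported, not verified, here.
    """
    findings = []
    pos = 0
    while (pos := zip_bytes.find(LOCAL_SIG, pos)) >= 0:
        _ver, flags, method, _mt, _md, crc, csize, usize, nlen, xlen = struct.unpack_from(
            "<HHHHHIIIHH", zip_bytes, pos + 4)
        name = zip_bytes[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        start = pos + 30 + nlen + xlen
        blob = zip_bytes[start:start + csize]

        def matches(payload):
            return payload is not None and len(payload) == usize and zlib.crc32(payload) == crc

        if flags & 0x08:
            verdict = "data-descriptor"
        elif method == STORED:
            if matches(blob):
                verdict = "stored-ok"
            elif matches(try_raw_inflate(blob)):
                verdict = "method-lie"
            else:
                verdict = "corrupt"
        elif method == DEFLATED:
            verdict = "deflated-ok" if matches(try_raw_inflate(blob)) else "corrupt"
        else:
            verdict = "unsupported-method"
        findings.append({"name": name, "method": method, "verdict": verdict})
        pos = max(start + csize, pos + 4)   # skip past the member data before searching again
    return findings


def stdlib_extracts(zip_bytes: bytes) -> bool:
    """True if Python's zipfile reads every member, False if it rejects the archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                zf.read(info)
        return True
    except zipfile.BadZipFile:
        return False


if __name__ == "__main__":
    for label, tampered in (("clean", False), ("tampered", True)):
        sample = build_sample_zip(tampered)
        print(label, scan_local_headers(sample), "stdlib extracts:", stdlib_extracts(sample))
```

The design point is that the verdict never depends on the method field alone: the declared CRC-32 is an independent witness to what the member should decompress to, so a header that says STORED while the bytes only make sense as DEFLATE is detected rather than trusted. A production scanner would apply the same cross-check to every supported method and to data-descriptor members, and would then scan the recovered content.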
A malicious archive before tampering was correctly recognized as malicious by 55 out of 67 vendors on VirusTotal. The malformed archive was detected by only one of 66 vendors, Kingsoft.
“Change one byte in a ZIP header and 55 of 56 antivirus engines go blind. Set the compression method to STORED. Leave the data DEFLATE-compressed. Scanners trust the metadata, scan compressed noise, detect nothing,” Aziz said, explaining the vulnerability on LinkedIn.
The researcher detailed the proof of concept, dubbed “Zombie ZIP,” on GitHub, claiming that the ZIP format confusion technique evades 98% of AV engines.
“Same payload. Same bytes. Different container,” the researcher explained.
Attackers can use it for malware delivery
Fortunately, most standard extraction tools, such as 7‑Zip, unzip, bsdtar, and Python’s zipfile, also fail to extract Zombie ZIPs, so users cannot simply extract and run the malware.
However, some extraction software can still decompress the ZIP archive despite the malformed headers, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University warned in a security advisory.
For attackers, such Zombie ZIP files can serve as a delivery mechanism for malware that bypasses security scanners. Once they have initial access to a system, hackers can package malware as a Zombie ZIP, smuggle it in undetected, and trivially recover the original contents.
“A remote attacker may craft a ZIP archive with tampered metadata that prevents antivirus or EDR software from properly decompressing and inspecting its contents. The file can thereby evade full analysis, though many products will still flag it as corrupted,” the advisory reads.
“To execute malicious code, however, a user must extract or further process the archive.”
Zombie ZIPs could also serve attackers in convincing phishing scenarios. Cybercriminals have increasingly been tricking users into running malicious commands themselves in a terminal, a technique known as ClickFix.
ZIP and RAR archives have been named as the most prevalent malware carriers in the past.
The new vulnerability was assigned CVE-2026-0866. However, the researchers noted its similarity to a bug from 2004, in which antivirus protection failed against compressed files with tampered global headers.
Patches are already underway. Aziz reported the vulnerability to CERT/CC in January, which in turn coordinated with 30 vendors.
Cisco was the first to acknowledge the issue, stating that its free antivirus tool, ClamAV, was unable to scan this type of malformed ZIP file.
“However, this is not considered a vulnerability, but rather a hardening suggestion. It will be taken into consideration for future releases,” the statement reads.