
To that software, the "uncompressed" data just looks like random bytes, and thus doesn't match known malware signatures. Evoking Westworld, "it doesn't look like anything to me." At the time of this writing, six days after the vulnerability went public, 60 out of 63 common antivirus suites don't catch this proverbial sleight-of-hand — a success rate of just over 95%.
The archive file will fail to extract with common tools like 7-Zip or WinRAR because it's technically corrupted. However, it's trivial to combine it with a tiny, seemingly innocuous program that understands the slight mismatch and extracts the actual malware.
The researcher who discovered the vulnerability published a proof-of-concept in Python that requires roughly a dozen lines of code. This is concerning enough for the average user, but it can become a nightmare scenario for corporations with thousands of users and sensitive data to protect.
If you're wondering why AV solutions won't just target the loading scripts, it's because the number of false positives would almost certainly be enormous, since loading zipped data is such a common operation in most software, including but not limited to games.
The CERT is already on the case and has published the VU#976247 advisory. Likewise, CVE-2026-0866 has already been assigned. Until security suites catch up, systems administrators should be particularly wary of ZIP files traveling through their networks.
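As a defensive check for the ZIP files mentioned above, the following added example (not from the article, the advisory, or the researcher's proof-of-concept) flags entries whose header claims the data is uncompressed while the bytes say otherwise. It assumes the mismatch is a Deflate payload under a header that declares the entry as stored; `scan_zip` and its helper names are hypothetical.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HEADER = struct.Struct("<4s5H3L2H")   # fixed 30-byte local file header
MAX_INFLATE = 64 * 1024 * 1024              # output cap so a bomb cannot exhaust memory

def raw_payload(fp, info):
    """Return an entry's bytes exactly as they sit in the archive."""
    fp.seek(info.header_offset)
    fields = LOCAL_HEADER.unpack(fp.read(LOCAL_HEADER.size))
    if fields[0] != b"PK\x03\x04":
        raise ValueError(f"bad local header for {info.filename!r}")
    fp.seek(fields[9] + fields[10], io.SEEK_CUR)   # skip file name and extra field
    return fp.read(info.compress_size)

def inflates_to_crc(payload, crc):
    """True if payload is a complete raw Deflate stream whose output has this CRC-32."""
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)
    try:
        out = inflater.decompress(payload, MAX_INFLATE)
    except zlib.error:
        return False
    return inflater.eof and zlib.crc32(out) == crc

def scan_zip(data):
    """Return (filename, reason) for each 'stored' entry whose bytes contradict its header."""
    findings = []
    fp = io.BytesIO(data)
    with zipfile.ZipFile(fp) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.compress_type != zipfile.ZIP_STORED:
                continue                  # only entries that claim to be uncompressed
            if info.flag_bits & 0x1:
                continue                  # encrypted: CRC covers plaintext, cannot check
            payload = raw_payload(fp, info)
            if len(payload) == info.file_size and zlib.crc32(payload) == info.CRC:
                continue                  # header and bytes agree
            if inflates_to_crc(payload, info.CRC):
                findings.append((info.filename, "declared stored, payload is Deflate"))
            else:
                findings.append((info.filename, "stored bytes do not match size/CRC"))
    return findings

if __name__ == "__main__":
    # Constructed sample: an ordinary stored archive, which should produce no findings.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed sample data\n")
    print(scan_zip(buf.getvalue()))
```

A finding means the archive is internally inconsistent and worth quarantining for review; it says nothing about what the payload contains.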