"These File Types Are the Ones Most Commonly Used by Hackers to Hide Their Malware"

According to an analysis of real-world cyberattacks and data collected from millions of PCs, ZIP and RAR files have surpassed Microsoft Office documents as the file types most commonly used by cybercriminals to deliver malware. Based on customer data from HP Wolf Security, 42 percent of attempts to deliver malware used archive file formats such as ZIP and RAR between July and September of this year. Attacks that abuse ZIP and RAR formats are now more common than those attempting to deliver malware via Microsoft Office documents such as Microsoft Word and Microsoft Excel files, which have long been the preferred method of tricking victims into downloading malware. According to researchers, this is the first time in over three years that archive files have surpassed Microsoft Office files as the most common means of delivering malware.

Archive files allow attackers to circumvent many security measures by encrypting malicious payloads and hiding them inside the archive. Archives are simple to encrypt, allowing threat actors to conceal malware and avoid web proxies, sandboxes, and email scanners, which makes attacks difficult to detect, especially when combined with HTML smuggling techniques. In many cases, attackers create phishing emails that appear to come from popular brands and online service providers to trick the user into opening and running the malicious ZIP or RAR file. This includes attaching to emails malicious HTML files that masquerade as PDF documents. When opened, they display a fake online document viewer that decodes the ZIP archive. If the user downloads it, it will infect them with malware. According to HP Wolf Security, Qakbot, a malware family that is used to steal data and serve as a backdoor for deploying ransomware, is one of the most notorious malware campaigns now relying on ZIP archives and malicious HTML files.
This article continues to discuss HP Wolf Security's findings on the file types now most commonly used by hackers to hide malicious payloads. 
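A mail gateway cannot scan inside an encrypted archive, but it can still see that an archive is encrypted, or that an HTML attachment carries an embedded ZIP. The following triage sketch is an added example, not code from HP Wolf Security or ZDNet. The function names, file names and the sample message are constructed for illustration, and the sample's encryption flag is set by hand because Python's `zipfile` cannot write encrypted entries.

```python
import base64, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Base64 of any blob that starts with the ZIP magic "PK\x03\x04" begins with "UEsDB".
B64_ZIP = re.compile(r"UEsDB[A-Za-z0-9+/=]{20,}")

def encrypted_members(data):
    """Names of ZIP entries whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []  # truncated or malformed archive: nothing to list

def triage(raw_email):
    """Return (attachment name, finding) pairs for one raw e-mail message."""
    findings = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        if body.startswith(b"PK\x03\x04"):
            for member in encrypted_members(body):
                findings.append((name, f"encrypted archive member: {member}"))
        elif name.lower().endswith((".html", ".htm")):
            if re.search(r"\.pdf\.html?$", name, re.I):
                findings.append((name, "HTML attachment posing as a PDF"))
            if B64_ZIP.search(body.decode("utf-8", "replace")):
                findings.append((name, "embedded base64 ZIP (HTML smuggling)"))
    return findings

def build_sample():
    """Constructed message: a ZIP flagged as encrypted and an HTML file carrying a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed benign sample")
    z = bytearray(buf.getvalue())
    cd = z.find(b"PK\x01\x02")      # start of the central directory entry
    z[6] |= 1; z[cd + 8] |= 1       # set flag bit 0 in local and central headers
    html = "<script>var d=atob('%s')</script>" % base64.b64encode(buf.getvalue()).decode()
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip", filename="docs.zip")
    msg.add_attachment(html.encode(), maintype="text", subtype="html", filename="invoice.pdf.html")
    return msg.as_bytes()

if __name__ == "__main__":
    print(*triage(build_sample()), sep="\n")
```

Each finding is a signal for quarantine or analyst review, since the content of an encrypted entry remains opaque to the scanner.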

ZDNet reports "These File Types Are the Ones Most Commonly Used by Hackers to Hide Their Malware"
