Cyber Threats Evolve with New Techniques and Tools


Malware authors adapt, threat intelligence improves, and Microsoft boosts security updates

Cyber threats continue to evolve as malware authors develop new techniques and tools. A recent discovery by Bombadil Systems security researcher Chris Aziz has revealed a method dubbed "Zombie ZIP" that conceals payloads in compressed files and evades detection by security solutions such as antivirus and endpoint detection and response (EDR) products.

What Happened

The "Zombie ZIP" technique manipulates ZIP headers to trick parsing engines into treating compressed data as uncompressed. This allows malware to slip past security tools, which trust the header and scan the file as if it were a copy of the original in a ZIP container. Aziz found that this technique works against 50 of the 51 AV engines on VirusTotal.

Why It Matters

The rise of new techniques like "Zombie ZIP" highlights the need for improved threat intelligence. ESET Telemetry has reported a 12% decrease in threat detections in India between January and August 2025, suggesting that awareness and early prevention efforts are beginning to take effect. However, ransomware activity continues to evolve rapidly, and threat actors like Sednit are resurfacing with sophisticated toolkits.

What Experts Say

"The threat landscape is changing, but many things of the past are not solved yet; phishing and ransomware are still troubling organizations, and threat actors' tactics are becoming more effective with the use of AI," said Roman Kovac, Chief Research Officer at ESET.

Key Numbers

  • 12%: Decrease in threat detections in India between January and August 2025 (ESET Telemetry)
  • 50: Number of AV engines on VirusTotal that the "Zombie ZIP" technique works against
  • 2026: Year in which Microsoft will enable hotpatch security updates by default for all eligible Windows devices

Background

The "Zombie ZIP" technique is not the only new development in the cyber threat landscape. A malicious npm package posing as an OpenClaw installer has been caught deploying a remote access trojan (RAT) on victim machines. The package, published under the name "@openclaw-ai/openclawai", pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser data, cryptocurrency wallets, SSH keys, and Apple Keychain databases.

What Comes Next

Microsoft is taking steps to improve security updates by enabling hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API. This change is expected to halve the time needed to reach 90% patch compliance.

Key Facts

  • Who: Chris Aziz, Bombadil Systems security researcher
  • What: Discovery of the "Zombie ZIP" technique
  • When: Recent discovery
  • Where: Global
  • Impact: Bypasses security tools and allows malware to slip past detection

> "AV engines trust the ZIP Method field. When Method=0 (STORED), they scan the data as raw uncompressed bytes. But the data is actually DEFLATE compressed - so the scanner sees compressed noise and finds no signatures," said Chris Aziz.
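An added example, not code from the article or from Bombadil Systems: a Python check that walks a ZIP's local file headers and, for every entry whose Method field claims STORED, tests whether the bytes behave as stored data (sizes equal, header CRC-32 matching the raw bytes, and no clean decode as a raw DEFLATE stream). `make_sample` is a constructed fixture that rewrites the Method field of an ordinary DEFLATE entry; the central directory's copy of the field is assumed out of scope here and would deserve the same comparison.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HEADER_SIG = b"PK\x03\x04"
LOCAL_HEADER_FMT = "<4sHHHHHIIIHH"  # 30-byte local file header, through the extra-field length

def _looks_like_raw_deflate(data: bytes) -> bool:
    """True if the bytes decode as one complete raw DEFLATE stream (or keep decoding past the cap)."""
    d = zlib.decompressobj(wbits=-15)  # -15: raw DEFLATE, no zlib/gzip wrapper
    try:
        d.decompress(data, 1 << 24)  # cap output so a decompression bomb cannot exhaust memory
    except zlib.error:
        return False
    return (d.eof and not d.unused_data) or bool(d.unconsumed_tail)

def scan_zip(blob: bytes) -> list:
    """Walk the local file headers; report STORED entries whose bytes do not behave as stored data."""
    findings, off, hdr_len = [], 0, struct.calcsize(LOCAL_HEADER_FMT)
    while blob[off:off + 4] == LOCAL_HEADER_SIG:
        (_, _, flags, method, _, _, crc, csize, usize,
         fn_len, extra_len) = struct.unpack(LOCAL_HEADER_FMT, blob[off:off + hdr_len])
        if flags & 0x08:  # sizes deferred to a data descriptor: stop, the central directory is needed
            break
        name = blob[off + hdr_len:off + hdr_len + fn_len].decode("utf-8", "replace")
        data_off = off + hdr_len + fn_len + extra_len
        data = blob[data_off:data_off + csize]
        reasons = []
        if method == 0:  # 0 = STORED: the scanner is told these bytes are the file itself
            if csize != usize:
                reasons.append(f"STORED entry with compressed size {csize} != uncompressed size {usize}")
            if zlib.crc32(data) != crc:
                reasons.append("CRC-32 of the stored bytes does not match the header CRC")
            if _looks_like_raw_deflate(data):
                reasons.append("stored bytes decode as a complete raw DEFLATE stream")
        if reasons:
            findings.append({"name": name, "reasons": reasons})
        off = data_off + csize
    return findings

def make_sample(method: int, tamper: bool = False) -> bytes:
    """Constructed sample: tamper=True sets the first local header's Method (offset 8) to STORED, data stays as written."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr("notes.txt", "benign text, repeated for compressibility\n" * 40)
    blob = bytearray(buf.getvalue())
    if tamper:
        struct.pack_into("<H", blob, 8, 0)  # 0 = STORED, while the entry body is still DEFLATE
    return bytes(blob)
```

A clean DEFLATE entry and a genuine STORED entry produce no findings; the tampered sample trips all three checks for `notes.txt`.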


This article was synthesized by Fulqrum AI from 5 trusted sources, combining multiple perspectives into a comprehensive summary. All source references are listed below.


Emergent News aggregates and curates content from trusted sources to help you understand reality clearly.

Powered by Fulqrum , an AI-powered autonomous news platform.
