Date: 2026-03-13

The ongoing arms race of cybersecurity and countermeasures has become incredibly advanced and complicated. More often than not, finding a software or hardware exploit requires competent crafting of carefully constructed contraptions. However, even in 2026, you'll occasionally find a simple vulnerability like the recently published Zombie ZIP, which allows malware payloads to bypass nearly every common antivirus solution.

The concept is as straightforward as they come. The first part of a ZIP file is called a header, and it contains information about the contents and how they're compressed. If you make a ZIP that lies by saying the contents are uncompressed, but actually contains compressed data, most antivirus solutions won’t even raise an eyebrow.

To that software, the "uncompressed" data just looks like random bytes, and thus doesn't match known malware signatures. Evoking Westworld, "it doesn't look like anything to me." At the time of this writing, six days after the vulnerability went public, 60 out of 63 common antivirus suites don't catch this proverbial sleight-of-hand — a success rate of just over 95%.
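The mismatch described above can be checked for on the scanning side. The following is an added example, not code from the article or from any antivirus product: it flags archive entries whose header declares "stored" while the bytes are really a DEFLATE stream. The function names are hypothetical, and checking both the local header and the central directory is an assumption, since the article does not say which field carries the false value.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HEADER = struct.Struct("<4s5H3L2H")  # fixed 30-byte local file header
# Assumptions: archive fits in memory; no ZIP64, encryption or multi-disk handling.


def raw_entry_bytes(blob, info):
    """Return (local-header method, entry bytes exactly as stored in the archive)."""
    fields = LOCAL_HEADER.unpack_from(blob, info.header_offset)
    if fields[0] != b"PK\x03\x04":
        raise ValueError(f"bad local header for {info.filename!r}")
    start = info.header_offset + LOCAL_HEADER.size + fields[9] + fields[10]
    return fields[3], blob[start:start + info.compress_size]


def try_inflate(raw, limit):
    """Inflate raw DEFLATE data, capped at `limit` bytes; None if not a full stream."""
    try:
        d = zlib.decompressobj(-15)  # -15 = raw DEFLATE, as used inside ZIP
        out = d.decompress(raw, limit)
    except zlib.error:
        return None
    return out if d.eof else None


def find_method_mismatches(blob):
    """List (name, reason) for entries declared 'stored' whose bytes say otherwise."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            local_method, raw = raw_entry_bytes(blob, info)
            if zipfile.ZIP_STORED not in (info.compress_type, local_method):
                continue  # entry does not claim to be uncompressed
            if zlib.crc32(raw) == info.CRC and info.compress_size == info.file_size:
                continue  # genuinely stored: bytes match the declared checksum
            inflated = try_inflate(raw, info.file_size + 1)
            is_deflate = inflated is not None and zlib.crc32(inflated) == info.CRC
            reason = "data is DEFLATE" if is_deflate else "CRC/size mismatch"
            findings.append((info.filename, "declared stored, " + reason))
    return findings


if __name__ == "__main__":
    import pathlib
    import sys
    for path in sys.argv[1:]:
        print(path, find_method_mismatches(pathlib.Path(path).read_bytes()) or "ok")
```

An entry reported as "data is DEFLATE" should have its inflated bytes handed to the signature engine instead of the raw ones; the inflate call is capped at the declared size so a hostile stream cannot exhaust memory.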

