Showing posts from March, 2023

Keeping your AV enabled and not extracting the ZIP

Public Service Announcement

This is something I wanted to write a post about, as it still seems to be getting lots of hits and fooling lots of people. I will write the TL;DR here so you get the message now, and you can read further if you want to learn more.

If ANY program EVER tells you to disable your anti-malware solution, PROCEED WITH EXTREME CAUTION. If you are ever provided with a password-protected archive, again, PROCEED WITH EXTREME CAUTION.

Now that the TL;DR is out of the way, let me explain. Many campaigns have had one thing in common: a password-protected ZIP file hosted alongside a page that contains both the password AND instructions to disable your anti-malware solution. The password protection stops mail gateways and download scanners from inspecting the archive's contents, and the instructions take care of the endpoint. The ZIP file contains infected files, usually Redline or similar, but if the victim follows the instructions as provided they will already have disabled their anti-malware solution, which therefore never gets the chance to detect the sample. This is a common tactic used to distribute malware onto comput
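As an added example (not part of the original post, and not tooling the post describes), the check below triages a downloaded ZIP from its central directory alone, without extracting anything: it reports which members carry the encryption flag (bit 0 of the general-purpose flags), which members have an executable extension, and which use a document-looking double extension such as `Invoice.pdf.exe`. The sample archive is constructed inline and contains a harmless `MZ` stub rather than real malware; because Python's `zipfile` cannot write encrypted entries, the encryption bit is patched into the written headers to mimic a password-protected lure. The extension lists are my own heuristic, not a definitive catalogue.

```python
from __future__ import annotations

import io
import struct
import zipfile
from dataclasses import dataclass, field

# Extensions Windows executes on double-click. A "document" delivered with one
# of these inside a password-protected archive is a classic lure.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".ps1", ".msi", ".lnk", ".hta"}
# Extensions that a decoy name pretends to be ("Invoice.pdf.exe").
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

ENCRYPTED_BIT = 0x0001  # general-purpose flag bit 0: member is encrypted


@dataclass
class ZipTriage:
    encrypted_members: list[str] = field(default_factory=list)
    executable_members: list[str] = field(default_factory=list)
    double_extension_members: list[str] = field(default_factory=list)

    def reasons(self) -> list[str]:
        """Human-readable reasons to refuse extraction; empty means nothing found."""
        out = []
        if self.encrypted_members:
            out.append("password-protected members (scanners could not inspect them)")
        if self.executable_members:
            out.append("executable members: " + ", ".join(self.executable_members))
        if self.double_extension_members:
            out.append("document-disguised executables: " + ", ".join(self.double_extension_members))
        return out

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons())


def triage_zip(data: bytes) -> ZipTriage:
    """Read only the central directory of the archive; nothing is extracted or run."""
    report = ZipTriage()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if info.flag_bits & ENCRYPTED_BIT:
                report.encrypted_members.append(name)
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in EXECUTABLE_EXTS:
                report.executable_members.append(name)
                # "invoice.pdf.exe" -> parts[-2] == "pdf": a decoy document name.
                if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
                    report.double_extension_members.append(name)
    return report


def _set_encryption_bit(data: bytearray) -> None:
    """Flip the encryption flag in every local header (+6) and central entry (+8).
    Only safe on our constructed sample, whose payloads contain no PK signatures."""
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", data, pos + off)
            struct.pack_into("<H", data, pos + off, flags | ENCRYPTED_BIT)
            pos = data.find(sig, pos + 4)


def build_sample_zip(members: dict[str, bytes | str], encrypted: bool) -> bytes:
    """Constructed test archive (not a real sample). ZIP_STORED keeps the bytes
    predictable; the encryption bit is patched in afterwards when requested."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        _set_encryption_bit(data)
    return bytes(data)


# Constructed lure: the decoy README carries the password and the "disable your
# AV" instruction; the "invoice" is a fake PE header, not a real executable.
LURE_MEMBERS = {
    "README.txt": "Password is 1234. Disable your antivirus before running.",
    "Invoice_March2023.pdf.exe": b"MZ" + b"\x00" * 62,
}
CLEAN_MEMBERS = {"notes/meeting.txt": "nothing to see here"}

if __name__ == "__main__":
    for label, blob in (("lure", build_sample_zip(LURE_MEMBERS, encrypted=True)),
                        ("clean", build_sample_zip(CLEAN_MEMBERS, encrypted=False))):
        report = triage_zip(blob)
        print(label, "->", "DO NOT EXTRACT" if report.suspicious else "no red flags")
        for reason in report.reasons():
            print("   ", reason)
```

Run it against a real download by passing the file's bytes to `triage_zip`; if it reports encrypted members or executables, the right move per the post is to leave the archive unextracted and the anti-malware solution enabled, no matter what the accompanying page says.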