Exploitation of 7-Zip flaw witnessed in Ukraine cyber attacks

A flaw in the popular software 7Zip has been actively exploited since September 2024, with Ukrainian users being the primary targets. This vulnerability is associated with a Windows feature called Mark of the Web (MotW), which applies restrictions to downloaded files from the internet. The intention is to provide an extra layer of protection against potentially unknown files.

Now, MotW doesn’t prevent malware from running, but it can help prevent executables from directly launching on the system, requiring user confirmation first. However, according to researchers at the security company Trend Micro, hacker groups are exploiting a flaw in 7Zip to remove this file marking and bypass the imposed limitations.

The flaw was discovered on September 25, 2024, and it’s believed that Russian groups have been using it to target entities in Ukraine. By exploiting this flaw, they aim to increase the success rates of their attacks. These malicious files, designed to exploit the 7Zip vulnerability, are typically sent as suspicious email attachments or phishing attempts, disguised as Word documents or PDFs.

Fortunately, a fix for this flaw has been implemented in the 7Zip version 24.09, which was released on November 30. While the vulnerability has been confirmed with specific attacks, it is still highly recommended for users to update their 7Zip software as soon as possible. It’s worth noting that the program does not have an automatic update system, so users will need to manually download and install the latest version.

In a world where cyber threats are constantly evolving, staying up to date with software patches and security updates is crucial. So, if you’re a 7Zip user, take a moment to ensure you’re running the latest version. It’s a small step that can go a long way in protecting your digital world. Stay safe out there!