Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

7-Zip Flaw Exploited to Deliver SmokeLoader

February 5, 2025
Reading Time: 2 mins read
in Alerts
Malicious Go Package Grants Remote Access

A security vulnerability in the 7-Zip archiver tool, identified as CVE-2025-0411, was actively exploited to deliver SmokeLoader malware. The flaw allowed attackers to bypass Windows’ Mark-of-the-Web (MotW) protections, enabling the execution of malicious code without security warnings. The vulnerability was patched in November 2024 with version 24.09 of 7-Zip, but before that, Russian cybercriminal groups had already weaponized it in phishing campaigns. They leveraged homoglyph attacks to disguise malicious ZIP files as Microsoft Word documents, deceiving users and the Windows operating system into executing them.

This attack method involved double archiving, where a malicious payload was concealed within nested ZIP files to evade detection. Since earlier versions of 7-Zip failed to propagate MotW protections to encapsulated files, Windows’ security mechanisms did not recognize the threat. Once the deceptive ZIP file was opened, it executed an internet shortcut (.URL) file, directing victims to an attacker-controlled server.

This server then delivered another ZIP file containing the SmokeLoader malware, which was disguised as a PDF document to further trick the target.

The phishing emails used in these attacks were sent from compromised email accounts linked to Ukrainian government bodies and businesses, making them appear legitimate. These messages were primarily directed at local government agencies, municipal organizations, and businesses, indicating that attackers had prior access to compromised credentials. Once the malware was installed, it provided attackers with unauthorized access to infected systems, enabling further espionage and cyber operations. Given the geopolitical context, researchers suspect this campaign was part of a larger cyberwarfare effort targeting Ukraine amid ongoing tensions.

At least nine Ukrainian government entities, including the Ministry of Justice, Kyiv Public Transportation Service, and Kyiv Water Supply Company, were affected by this campaign. Security experts recommend updating 7-Zip to the latest version, implementing stronger email filtering mechanisms, and disabling the execution of files from untrusted sources to mitigate such attacks. The incident highlights how smaller government organizations, often lacking advanced cybersecurity defenses, can be targeted as entry points for broader attacks against larger institutions.

Reference:
  • 7-Zip Security Flaw Exploited to Deliver SmokeLoader Malware in Targeted Attacks
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityFebruary 2025
ADVERTISEMENT

Related Posts

Hackers Target Libraesva Email Flaw

Hackers Target Libraesva Email Flaw

September 30, 2025
Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

September 30, 2025
Hackers Target Libraesva Email Flaw

Cisco Warns Of IOS Zero Day Bug

September 30, 2025
Fake Microsoft Teams Installers Spread

Fake Microsoft Teams Installers Spread

September 30, 2025
Fake Microsoft Teams Installers Spread

Cybercriminals Use Facebook Google Ads

September 30, 2025
Fake Microsoft Teams Installers Spread

CISA Warns Of Critical Sudo Flaw

September 30, 2025

Latest Alerts

Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

Cisco Warns Of IOS Zero Day Bug

CISA Warns Of Critical Sudo Flaw

Cybercriminals Use Facebook Google Ads

Fake Microsoft Teams Installers Spread

Subscribe to our newsletter

    Latest Incidents

    Ukrainian Hackers Breach Crimean Servers

    Ransomware Gang Claims Maryland Breach

    Arizona School District Data Breach

    Attackers Take Down Asahi Brewer

    Harrods Alerts Customers To Breach

    Hackers Steal Photos From Kido Nursery

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial