Hackers are using a new technique called ZIP file concatenation to hide malicious payloads in compressed archives, evading security solutions. Perception Point discovered this trend when analyzing a phishing attack that tricked users with a fake shipping notice. The malware was hidden in a RAR archive and used AutoIt scripting. The attack involves creating separate ZIP archives, merging them into one, and exploiting how ZIP parsers handle concatenated files. Different software like 7zip, WinRAR, and Windows File Explorer have varying responses to these attacks. To defend against this threat, security solutions supporting recursive unpacking are recommended. Emails with ZIP attachments should be treated with caution.
https://www.bleepingcomputer.com/news/security/hackers-now-use-zip-file-concatenation-to-evade-detection/
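
The following Python code is an added example, not taken from the article or from Perception Point. It flags a concatenated archive by locating every End of Central Directory (EOCD) record in the file and lists each embedded archive's members separately, which is what recursive unpacking has to do. The function names and the sample archive are constructed for illustration, and ZIP64 is not handled.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory (EOCD) record
CDH_SIG = b"PK\x01\x02"    # central directory file header
EOCD_FMT = "<4sHHHHIIH"    # fixed 22-byte EOCD layout (ZIP64 not handled)
EOCD_LEN = struct.calcsize(EOCD_FMT)

def find_archives(data):
    """Return a (start, end) byte range for every plausible EOCD in data."""
    ranges = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            *_, total, cd_size, cd_off, comment_len = struct.unpack_from(EOCD_FMT, data, pos)
            cd_start = pos - cd_size      # central directory sits right before EOCD
            start = cd_start - cd_off     # cd_off is relative to this archive's start
            # Reject stray signatures: a real EOCD is preceded by its directory.
            if start >= 0 and (total == 0 or data[cd_start:cd_start + 4] == CDH_SIG):
                ranges.append((start, pos + EOCD_LEN + comment_len))
        pos = data.find(EOCD_SIG, pos + 1)
    return ranges

def is_concatenated(data):
    """More than one EOCD means parsers can disagree on the contents."""
    return len(find_archives(data)) > 1

def list_all_members(data):
    """Open each embedded archive on its own and list its members."""
    names = []
    for start, end in find_archives(data):
        with zipfile.ZipFile(io.BytesIO(data[start:end])) as zf:
            names.append(zf.namelist())
    return names

def last_eocd_view(data):
    """What a reader that trusts only the final EOCD sees (Python's zipfile)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()

def make_zip(name, body):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: two harmless archives joined byte-for-byte.
SAMPLE = make_zip("notice.txt", b"decoy text") + make_zip("second.txt", b"placeholder")
```

A ZIP stored uncompressed inside another ZIP also produces a second EOCD, so treat a hit as a cue to unpack and scan every range rather than as a verdict.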