Subscribe to the Non-Human & AI Identity Journal

What do security teams get wrong about archive-based malware delivery?

They often focus on the attachment type and miss the execution chain. ZIP and IMG files are dangerous because they can package a legitimate executable with a malicious DLL or loader that only activates after user execution. The real failure is treating the archive as the threat, instead of the post-open code path it enables.

Why This Matters for Security Teams

Archive-based delivery is easy to dismiss because the file itself looks mundane, but the risk sits in what the archive enables after a user opens it. ZIP and IMG files are often used to bundle a trusted-looking executable with a second-stage loader, script, or DLL that executes only after extraction or double-click. That means detections focused on file extension or gateway reputation can miss the actual kill chain. Guidance from CIS Controls v8 still maps well here: reduce executable exposure, constrain script use, and monitor execution, not just delivery. The same pattern appears in campaigns discussed by Shai Hulud npm malware campaign, where the payload path matters more than the packaging format. In practice, many security teams encounter archive-based compromise only after a user has already launched the payload and the attacker has moved to credential theft or lateral movement, rather than through intentional inspection of the post-open code path.

How It Works in Practice

The practical mistake is treating the archive as a static object instead of a delivery container for execution. A ZIP can hold a signed binary, a DLL with a matching name, a script shortcut, or a nested archive designed to delay inspection. An IMG file can mount a volume that contains a convincing document alongside a loader. Once a user extracts or opens the content, the operating system, shell, or associated application decides what runs next. That is where defenders need to focus: on process creation, parent-child relationships, script hosts, and unusual DLL loading.

Current defensive guidance suggests three layers of control:

  • Block or quarantine archive types that are not needed for business workflows, especially from external email and web download paths.
  • Detonate archives in a sandbox and inspect both contents and post-extraction behavior before release.
  • Log and alert on archive-triggered execution events, including PowerShell, wscript, mshta, rundll32, and unexpected child processes.

For identity and access teams, the archive is often the first step in a secrets theft chain. Malware that lands through a compressed file frequently looks for tokens, API keys, browser sessions, and local credentials after execution, which is why NHIMG’s guidance on lifecycle control and visibility matters. The risk is amplified in incidents like the CircleCI Breach, where stolen secrets can turn one endpoint compromise into broader platform access. Defensive teams should pair content controls with NHI hygiene, secrets rotation, and least-privilege execution. These controls tend to break down in developer-heavy environments where compressed artifacts are a normal part of workflows and users routinely bypass warnings to get work done.

Common Variations and Edge Cases

Tighter archive controls often increase user friction and helpdesk load, requiring organisations to balance prevention against legitimate file-sharing needs. That tradeoff is real, especially where engineering teams exchange build artifacts, installers, or nested archives as part of daily operations.

Best practice is evolving, but there is no universal standard for this yet. Some organisations allow archives but enforce content disarm and reconstruction, while others block specific formats only on untrusted ingress channels. The right choice depends on the business process, not the malware family name. Encrypted archives add another edge case because gateway tools may be unable to inspect contents, which pushes the control point closer to endpoint policy and user behavior monitoring. Archive-based delivery also becomes more dangerous when the payload is a scriptless binary that uses DLL side-loading or living-off-the-land tools, because signature-based scanning has less context to work with.

NHI security teams should treat the post-open action as the real indicator of compromise. If an archive launches a process that requests new secrets, reaches out to unfamiliar domains, or attempts privilege escalation, the file type no longer matters. The goal is to stop the execution chain before it can access credentials or become a broader platform compromise.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-05 Archive-delivered malware often targets secrets and service accounts after execution.
OWASP Agentic AI Top 10 LLM-07 Autonomous execution chains can amplify a malicious archive into broader tool abuse.
CSA MAESTRO MAESTRO addresses runtime controls for dynamic workloads and chained execution risk.
NIST CSF 2.0 DE.CM-1 Archive delivery requires detection of suspicious execution, not just file ingress.
NIST AI RMF GOVERN Governance is needed to define who approves archive handling and inspection controls.

Reduce secret exposure and rotate compromised NHI credentials immediately after archive-based execution events.