Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
Feb 04, 2025
Vulnerability / Cyber Espionage
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09.

"The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files," Trend Micro security researcher Peter Girnus said.

CVE-2025-0411 is suspected to have been weaponized to target governmental and non-governmental organizations in Ukraine as part of a cyber espionage campaign set against the backdrop of the ongoing Russo-Ukrainian conflict.

MotW is a security feature implemented by Microsoft in Windows to prevent the a...
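The homoglyph trick described above relies on a filename whose extension looks like a document extension but contains look-alike Cyrillic letters. The following triage helper, added here as an example and not code from Trend Micro or the 7-Zip project, folds a constructed subset of Cyrillic confusables back to Latin and flags archive entry names whose extension only reads as `.doc`, `.pdf` and similar after that folding; the sample entry names and the confusables table are constructed for the example.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin letters.
# This is not the full Unicode confusables table; extend it for production use.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0421": "C", "\u0415": "E", "\u041d": "H",
    "\u041a": "K", "\u041c": "M", "\u041e": "O", "\u0420": "P", "\u0422": "T",
}

DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "ppt", "pptx"}


def scripts_in(text):
    """Set of Unicode scripts (LATIN, CYRILLIC, ...) of the letters in text."""
    return {unicodedata.name(ch, "OTHER").split(" ")[0] for ch in text if ch.isalpha()}


def analyze_entry_name(name):
    """Check one archive entry name for homoglyph spoofing of its extension.

    Returns the visible extension, its Latin 'skeleton' (confusable Cyrillic
    letters folded to the Latin letters they imitate), the scripts used in
    the extension, and whether the name should be flagged for review.
    """
    _, dot, ext = name.rpartition(".")
    ext = ext if dot else ""  # no dot: the name has no extension at all
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in ext)
    ext_scripts = scripts_in(ext)
    # Flag when the extension only *looks* like a document extension: folded
    # it reads as doc/pdf/..., but the raw characters differ, so Windows does
    # not associate the file with that document type.
    spoofed = ext != skeleton and skeleton.lower() in DOCUMENT_EXTS
    # A Cyrillic base name with a clean Latin extension is normal for Ukrainian
    # or Russian documents, so only the extension's own script mix is checked.
    mixed_ext = len(ext_scripts) > 1
    return {"name": name, "extension": ext, "skeleton": skeleton,
            "extension_scripts": sorted(ext_scripts), "flag": spoofed or mixed_ext}


def triage(names):
    """Return the subset of entry names that analyze_entry_name flags."""
    return [n for n in names if analyze_entry_name(n)["flag"]]


# Constructed sample archive listing (not real attacker filenames).
SAMPLE_ENTRIES = [
    "Звіт.docx",        # Cyrillic base name, genuine Latin extension: benign
    "invoice.pdf",      # plain ASCII: benign
    "report.d\u043ec",  # 'o' is Cyrillic U+043E: looks like .doc, is not
    "agenda.\u0440df",  # 'p' is Cyrillic U+0440: looks like .pdf, is not
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(analyze_entry_name(entry))
```

Run it over the entry list of an archive (for example the output of `7z l`) before extraction; a flagged name warrants a look at the file's real type regardless of what the extension appears to say.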