What is a .7z File? Basics.
To understand how a .7z file can be utilized in the distribution of malware, you should first learn what a .7z file is. To begin with, it is an archive type of file – a container for keeping a bulk of other files together. That makes its usage highly accessible and useful, and it is among the most widely used archive file formats nowadays. .7z gets its name from the 7zip archiving program, for which it was initially implemented by the Russian developer Igor Pavlov.
How can a .7z File be Used for Malware Distribution?
.7z as a file format has quite a few features in its bag. Not only is it used to pack files together, but it has high compression rate, meaning that the archive will be with a smaller size than the original combined size of the files, which are put in that archive. .7z also supports multi-part archives, meaning that an archive can be broken into lots of parts, instead of a single file. To add to that, the file format supports AES 256-bit encryption. On top of it all, the .7z file format has an open architecture that is very versatile and allows for the stacking of compression, conversion, or encryption methods.
Malware developers seek ways in which to distribute their malware more efficiently, be it Trojans, viruses, ransomware, etc. Anti-virus and anti-malware applications do not always have an implemented mechanism for scanning archives. Also, security programs which feature such an option don’t always do a good job of detecting everything inside archives. Malware makers often place the malicious code inside such file types as .7z, which are properly assembled certain criteria is met.
The hiding of the malware’s code to make it harder to be detected is regarded as obfuscation. Archives such as .7z are one of the most commonly used tools when it comes to hiding a malware’s code. For example, a .7z archive allows for the injection of custom codec plugin DLLs, except the encryption and the other benefits. Not all security mechanisms detect that, and even some AV scanners don’t detect files wrapped in multiple archives. Furthermore, cybercriminals use this method for hiding their malicious code, because it is very easy and accessible, plus the fact that lots of people use the .7z format.