According to an article from Ars Technica , the 7-Zip utility contained a flaw that allowed attackers to bypass Windows' security feature. Key Details of the Vulnerability
This allowed malicious files inside the inner archive to be executed without triggering standard Windows security warnings, such as SmartScreen. Attack Sequence: User downloads a malicious file like 3sg.7z . 3sg.7z
Opening it reveals an inner archive (sometimes disguised with Cyrillic characters to look like a document). According to an article from Ars Technica ,
This inner file triggers an automatic download of a final malware payload, bypassing MotW restrictions entirely. bypassing MotW restrictions entirely.
