Archive formats are the most common types of files for delivering malware.

Archive formats, such as ZIP and RAR files, are the most common types of files for delivering malware. They have surpassed Office files for the first time in three years.

44% of malware was delivered inside popular archive files, marking an 11% rise from the previous quarter, HP Wolf Security said after analyzing millions of endpoints. 32% of malware was delivered through Office files, such as Microsoft Word, Excel, and PowerPoint.

Experts observed several campaigns where cybercriminals embed malicious archives into HTML files to bypass email gateways and launch attacks.

"For example, recent QakBot and IcedID campaigns used HTML files to direct users to fake online document viewers that were masquerading as Adobe. Users were then instructed to open a ZIP file and enter a password to unpack the files, which then deployed malware onto their PCs," Wolf Security said.

Because the malware inside the HTML file is encrypted, detecting it is extremely difficult. Threat actors rely on social engineering to lure victims into opening the malicious archive files.

"Archives are easy to encrypt, helping threat actors to conceal malware and evade web proxies, sandboxes, or email scanners. This makes attacks difficult to detect, especially when combined with HTML smuggling techniques," senior malware analyst Alex Holland said.
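For defenders, the encrypted payload cannot be inspected, but the container can: an HTML attachment that carries an archive, and a ZIP whose header marks its contents as encrypted, are both signals a mail or web gateway can flag. The sketch below is an added example, not code from HP Wolf Security; the function names, the 64-character threshold and the sample input are assumptions, and it only looks at archives stored as plain base64.

```python
import base64
import io
import re
import struct
import zipfile

# Assumption: a run of 64+ base64 characters is long enough to be worth decoding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}")
MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}


def classify(head):
    """Return (kind, encrypted) for a decoded prefix, or None if it is not an archive."""
    for magic, kind in MAGICS.items():
        if head.startswith(magic):
            encrypted = None  # not determined for RAR in this sketch
            if kind == "zip" and len(head) >= 8:
                # ZIP local file header: general-purpose flags at offset 6, bit 0 = encrypted
                encrypted = bool(struct.unpack_from("<H", head, 6)[0] & 0x1)
            return kind, encrypted
    return None


def scan_html(html):
    """List archives embedded as base64 inside an HTML attachment."""
    findings = []
    for m in B64_RUN.finditer(html):
        # 16 base64 characters always decode cleanly to the first 12 bytes
        head = base64.b64decode(m.group(0)[:16])
        hit = classify(head)
        if hit:
            findings.append({"offset": m.start(), "kind": hit[0], "encrypted": hit[1]})
    return findings


def build_sample(encrypted):
    """Constructed test input: an HTML page carrying a small ZIP as base64."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content " * 4)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x1  # set only the flag bit; the payload is not really encrypted
    b64 = base64.b64encode(bytes(raw)).decode()
    return f'<html><script>var d = "{b64}";</script></html>'
```

A finding with `encrypted` set to `True` is a candidate for quarantine or detonation with user-supplied password handling, since content scanning of the archive itself will return nothing.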

Researchers also noted that attackers could potentially change the payload to, for example, spyware or ransomware, and introduce new features like geo-fencing mid-campaign. That means threat actors can adapt tactics based on the breached target.

To date, HP customers have clicked on over 18 billion email attachments, web pages, and downloaded files.