The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives.
« The actor creates a malformed archive as an anti-analysis technique, » Expel security researcher Aaron Walton said in a report shared with The Hacker News. « That is, many unarchiving tools
