Hackers have uploaded malignant.7z to popular software crack sites and developer forums, disguised as "portable toolkits." Since developers trust .7z files for code distribution, they are often extracted without caution.

Cybercriminals rely on three primary vectors to deliver malignant.7z.

The malignant.7z moniker is likely the first of a trend. Security researchers at SANS ISC have noted that threat actors are moving toward format-specific attacks. Why? Because .7z offers:

We can anticipate variants like malignant.7z.encrypted (where the archive itself is encrypted a second time via custom XOR) and system_update.7z targeting Linux servers via p7zip vulnerabilities.