The vulnerability exploits the way different software reads the ZIP file structure (Local File Header vs. Central Directory). Normal ZIP Behavior "Frozen" / Zombie ZIP Behavior Correctly lists "Deflate" compression. Claims "Stored" (no compression). Actual Data Compressed payload. Compressed payload (mismatch). Scanner Unzips and scans the payload. Skips unzipping; scans only the encrypted/raw bits. Effect Malware is detected. Malware is missed. ⚠️ Security Recommendations
The ZIP header is altered to claim that its contents are uncompressed . PROTHOM(Frozen)zip
Many antivirus engines (estimated at ~95% in initial tests) trust the header and do not perform a deep scan of the hidden, compressed payload. The vulnerability exploits the way different software reads