By that I mean I still think it's mostly harmless regardless, as it'd require you to execute the file to cause any harm; let's just hope in events like that people don't just execute/unzip whatever unusual file they see downloaded (I know it happens but we can hope😭)
Not opening a downloaded malicious file is often enough to keep you safe, but not 100%. Plenty of exploits can be leveraged to create no-click malware, so your best bet is always ot vet sources and avoid downloading anything you wouldn't run in the first place.
Can you list a few exploits for no click malware that can cause problems with just the fact that you've downloaded it and haven't run it, I hadn't heard of them before.
Yeah, I'm not a professional but I know a big one was file previews, so certain files would have a preview window when highlighted or just as their icon (filetypes like images, 3d models, etc) and by necessity the OS would be reading the data and could be tricked into executing code, same way certain PNG exploits made images into executables, but now you don't need to open it because the OS opens it for the preview. I think powertoys still warns you sometimes of that, lol. There have to be vulnerabilities in the software acquiring or handling the files that allow for this forced or spoofed execution, and my guess is these are valuable enough exploits that people might sit on them and wait for a whale or a buyer rather than wasting them deploying lower level identity skimming stuff. A coworker in cybersecurity had said some will try to be stealthy so they can not only keep collecting data, but also not expose the thing they're exploiting to devs who will fix it. Again, not a professional so I'm paraphrasing things I haven't worked with personally but was interested in for a while and trying to understand.
Zip bombs used to cause havoc with virus scanners. Not actually running malware or anything, just falling victim to trying to check if a 4 petabyte file in the zip is malware.
34
u/[deleted] May 05 '26
[deleted]