This allowed malicious files inside the inner archive to be executed without triggering standard Windows security warnings, such as SmartScreen. Attack Sequence: User downloads a malicious file like 3sg.7z .

Attackers used a nested archive technique (an archive inside another archive). While the outer file (like 3sg.7z ) would be flagged by Windows as downloaded from the internet, the inner archive would not inherit this "Mark of the Web" tag.

According to an article from Ars Technica , the 7-Zip utility contained a flaw that allowed attackers to bypass Windows' security feature. Key Details of the Vulnerability