this is never the case. The attackers would usually trick the user into accessing the ZIP archive that would result in persistent attacks. The attacker puts in many legitimate files in the ZIP...