Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains

vtqhtr413

vtqhtr413

Level 27
Thread author
Verified
Top Poster
Well-known
Forum Veteran
Aug 17, 2017
1,280
17,222
2,568
Content source
https://www.bleepingcomputer.com/news/security/clever-file-archiver-in-the-browser-phishing-trick-uses-zip-domains/
A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. Earlier this month, Google began offering the ability to register ZIP TLD domains, such as bleepingcomputer.zip, for hosting websites or email addresses. Since the TLD's release, there has been quite a bit of debate over whether they are a mistake and could pose a cybersecurity risk to users. While some experts believe the fears are overblown, the main concern is that some sites will automatically turn a string that ends with '.zip,' like setup.zip, into a clickable link that could be used for malware delivery or phishing attacks.

For example, if you send someone instructions on downloading a file called setup.zip, Twitter will automatically turn setup.zip into a link, making people think they should click on it to download the file. When you click on that link, your browser will attempt to open the setup.zip | Alexander Jäger site, which could redirect you to another site, show an HTML page, or prompt you to download a file. However, like all malware delivery or phishing campaigns, you must first convince a user to open a file, which can be challenging. Security researcher mr.d0x has developed a clever phishing toolkit that lets you create fake in-browser WinRar instances and File Explorer Windows that are displayed on ZIP domains to trick users into thinking they are opened .zip file.
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: Nevi, Zero Knowledge, bayasdev and 9 others
Wow! Bad actors and hackers use malicious domains. Who would of thought they could be so sinister :rolleyes:?

I wish I would have registered setup.zip, pdf.zip or password.zip they would be worth some money now.
 
  • Applause
  • Like
Reactions: vtqhtr413 and Nevi
You must log in or register to reply here.

You may also like...