‘File Archivers in the Browser’ could exploit Google’s TLD

June 20, 2023
File Archivers Browser Flaw Exploit Google TLD

A new investigation has claimed that a phishing campaign could exploit Google’s new [.]zip Top-Level Domain (Google TLD) to propagate malware. A researcher created a phishing kit called File Archivers in the Browser that baits potential victims by displaying a phoney File Explorer window or WinRAR file and redirecting them to a compromised website hosted by a threat entity.

The phishing kit could enable an attacker to display a fake window in the web browser of the compromised device, impersonate a WinRAR or Windows File Explorer window, and show a list of archived zip files.

The attack method could also add a button to the fake window for running a security scan of the file to increase its legitimacy. Once a target clicks the button, it displays a message box stating that the files have been scanned and zero threats have been identified.

Additionally, there could be a feature named Extract To that an attacker could leverage to deploy malicious payloads while simulating that the archived file is being unzipped and stored on the local device.


The File Archivers in the Browser phishing kit applies to various attack scenarios that deliver malware and carry out credential theft.


According to researchers, the File Archivers in the Browser phishing method could allow an actor to use it in multiple threat scenarios.

A file shown in the phoney WinRAR window impersonates a PDF file; if a target clicks it, they are redirected to a phishing page that could harvest login credentials. Threat actors using the phishing kit could also have it download a similarly named file with an [.]exe extension. These strategies could be effective in some instances, since file extensions do not commonly appear in the default view, making the executable appear to be a harmless PDF file.

This new phishing kit indicates that the newly deployed TLDs will face new threats from different threat actors, who have been developing new exploits for them. An immediate option to avoid such threats is to block the [.]zip TLD and other new TLDs if they are not needed.
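The blocking advice above hinges on one distinction: a URL whose *hostname* ends in the [.]zip TLD is a website, while a URL whose *path* ends in `.zip` is an ordinary archive download on some other domain. The following Python is an added example, not code from the article or from the kit's author, showing how a proxy-log check can tell the two apart and flag requests to [.]zip hosts. The log lines are constructed for the example, and including the [.]mov TLD in the block set is an assumption (it is another new Google TLD that collides with a file extension, and is not mentioned in the article).

```python
from urllib.parse import urlsplit

# Constructed sample proxy log (not from the article): "timestamp client url".
# Line 2 and 4 use the .zip TLD as the hostname; line 3 is a normal archive
# download from an .org domain and must NOT be flagged.
SAMPLE_LOG = """\
2023-06-20T10:01:02Z 10.0.0.5 https://example.com/downloads/report.pdf
2023-06-20T10:01:09Z 10.0.0.5 https://update-pack.zip/index.html
2023-06-20T10:02:30Z 10.0.0.7 http://files.example.org/archive.zip
2023-06-20T10:03:11Z 10.0.0.9 https://Invoice-2023.ZIP/
2023-06-20T10:04:45Z 10.0.0.9 https://photos.holiday.mov/gallery
"""

# TLDs to treat as blocked. The article recommends blocking .zip when it is
# not needed; .mov is an assumption added for this example.
BLOCKED_TLDS = {"zip", "mov"}


def host_tld(url):
    """Return the lower-cased TLD of the URL's hostname, or None if there is none.

    Only the hostname is inspected, so '/archive.zip' in a path never matches.
    """
    # urlsplit needs a scheme or a leading '//' to recognise the host part,
    # so bare hostnames such as 'update-pack.zip' are normalised first.
    if "://" not in url and not url.startswith("//"):
        url = "//" + url
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    if not host:
        return None
    host = host.rstrip(".")        # tolerate a trailing dot (FQDN form)
    tld = host.rsplit(".", 1)[-1]
    # Numeric "TLDs" are IPv4 literals, not registered domains; ignore them.
    return tld if tld.isalpha() else None


def is_blocked(url):
    """True when the URL's hostname sits under one of the blocked TLDs."""
    return host_tld(url) in BLOCKED_TLDS


def scan_log(text):
    """Return (client, url, tld) for every log line whose host TLD is blocked."""
    flagged = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                # skip malformed lines rather than crash
        _timestamp, client, url = fields
        if is_blocked(url):
            flagged.append((client, url, host_tld(url)))
    return flagged


if __name__ == "__main__":
    for client, url, tld in scan_log(SAMPLE_LOG):
        print(f"blocked TLD .{tld}: {client} -> {url}")
```

The same `host_tld` check can be used to seed a DNS or proxy block list: everything whose hostname resolves to a blocked TLD is denied, while legitimate `.zip` downloads from other domains keep working, which is the practical form of the "block it if not needed" advice.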

Everyone should know the current trends that could impact the new TLDs.
