Subj : Zip domains are being abused again to trick victims into a phishi
To   : All
From : TechnologyDaily
Date : Tue May 30 2023 15:45:03

Zip domains are being abused again to trick victims into a phishing scam

Date: Tue, 30 May 2023 14:26:54 +0000
Description: Researchers found a clever way to abuse new domains to steal credentials and deliver malware.

FULL STORY
======================================================================

Not even a month has passed since Google first started offering .zip internet domains, and people have already found a clever and creative way to abuse them for malware distribution.

The scam revolves around turning the web browser window into a fake WinZip or WinRAR instance and tricking the victim into believing they're opening a legitimate file archive while, in reality, they're downloading malware.

Researcher mr.dox outlined how a threat actor registers a new domain, for example, setup.zip. It looks like an archive for an installer file. Then, they create the website to mimic the look and feel of WinRAR - the file path is there, the icons are there, everything looks legitimate.

To add even more credibility to the scam, the attackers can also create a fake antivirus scan popup, informing the victim that the files in the archive were scanned and no threats were found.

A website, or an archive?

The researcher who came up with the method claims this phishing kit can be used in attacks such as malware distribution, or credential theft. A victim could end up double-clicking on a fake PDF file in the fake WinRAR window and be redirected to a fake login page which could steal their login information. The fake PDF file can also be used to trigger a file download, tricking the victim into downloading malware.
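On the defensive side, the difference between a look-alike domain (setup.zip as the hostname) and an ordinary download link whose path ends in .zip is visible once the URL is parsed rather than pattern-matched. The following is an added example, not part of the original article: the log format, client addresses and every hostname other than setup.zip are constructed, and the TLD set is limited to the .zip domains the article covers.

```python
from urllib.parse import urlsplit

# TLDs that double as archive file extensions; the article covers .zip only.
FILE_LIKE_TLDS = {"zip"}

# Constructed sample proxy log (timestamp, client, URL); not real traffic.
SAMPLE_LOG = """\
2023-05-30T14:01:10Z 10.0.0.21 https://setup.zip/
2023-05-30T14:01:12Z 10.0.0.21 https://example.com/downloads/setup.zip
2023-05-30T14:02:40Z 10.0.0.35 http://Invoice-2023.ZIP./open?id=7
2023-05-30T14:03:05Z 10.0.0.35 https://user@report.zip:8443/report.pdf
2023-05-30T14:04:00Z 10.0.0.40 https://zip.example.org/
malformed line that should be skipped
"""

def file_like_host(url):
    """Return the hostname if it sits under a file-extension TLD, else None."""
    # urlsplit().hostname is lower-cased with userinfo and port removed,
    # so "user@report.zip:8443" is reduced to "report.zip".
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.rstrip(".")          # tolerate a fully qualified trailing dot
    tld = host.rpartition(".")[2]    # last label only; the path is ignored
    return host if "." in host and tld in FILE_LIKE_TLDS else None

def scan(log_text):
    """Return (client, host, url) for each request to a file-like domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip lines that do not match the format
            continue
        _, client, url = parts
        host = file_like_host(url)
        if host:
            hits.append((client, host, url))
    return hits

if __name__ == "__main__":
    for client, host, url in scan(SAMPLE_LOG):
        print(f"{client} requested file-like domain {host}: {url}")
```

The ordinary download from example.com and the zip.example.org subdomain are not flagged, because only the final label of the hostname is compared.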
BleepingComputer also points out that the way recent Windows versions search for files can be abused as well. When a person types a file name into the search bar, the operating system will first search through local storage, but if it doesn't find anything, it will try to open the query in a browser. If there is a legitimate domain of the same name, it will be opened in the browser.

This technique illustrates how ZIP domains can be abused to create clever phishing attacks and malware delivery or credential theft, the publication concludes.

Via: BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/news/zip-domains-are-being-abused-again-to-trick-victims-into-a-phishing-scam

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)