How scammers can exploit .zip top-level domain with Malware

Malware: This is how scammers could abuse the new top-level domain .zip

Attackers can imitate archiving programs such as WinRAR inside the web browser to spread malware to victims. The recently activated top-level domain (TLD) .zip, operated by Google, makes the links look credible. A security researcher illustrates this danger with a worked example in an article.

Google released the .zip TLD in mid-May 2023. By that point, the IT security community had already recognised its potential for phishing. Duping victims is easier when the conversation is about a work project. For instance, a message can be sent to a victim asking them to download a file called Results.zip; many clients turn that file name into a link to the domain Results.zip, so clicking it opens the address automatically. If successful, the victim lands on an attacker-controlled webpage. The security researcher has even recreated the WinRAR and Windows 11 File Explorer interfaces to make this page look as real as possible.

After clicking on the link, the victim thinks that they have opened a non-existent zip archive in WinRAR. The fake WinRAR window even shows a message that the archive has been scanned and is free from any threat. The victim then downloads a Trojan in the form of an executable file called Results.pdf.exe, thinking that they are receiving a PDF file. From there, a successful attacker could infect the victim's PC with malicious code or lead them to phishing websites.

The researcher suggests that companies block the .zip TLD until the danger emanating from it can be better assessed in the long term. This action will counteract the various scenarios in which attackers can exploit victims through it.
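As an added example (not code from the article or the researcher), the following Python shows the two checks a mail or chat filter would need in order to act on this advice: flag explicit links whose host sits under the .zip TLD, and flag bare file names such as Results.zip that clients would auto-link. Treating .mov the same way as .zip is an assumption for illustration; the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# TLDs that collide with common file extensions. .zip is the one the article
# covers; including .mov here is an assumption for illustration.
FILE_LIKE_TLDS = {"zip", "mov"}

# A bare token such as "Results.zip" (no scheme, no path) that many chat and
# mail clients silently turn into a link to the web domain of the same name.
BARE_TOKEN_RE = re.compile(
    r"(?<![\w./-])([A-Za-z0-9][\w-]*\.(zip|mov))(?![\w/-])", re.IGNORECASE
)
URL_RE = re.compile(r"https?://\S+")


def tld_of_host(host):
    """Return the lowercase last label of a hostname, or '' if it has none."""
    host = host.rstrip(".").lower()
    return host.rsplit(".", 1)[-1] if "." in host else ""


def is_file_like_tld_url(url):
    """True if the URL's host is under a TLD that looks like a file extension."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    # hostname strips any userinfo and port, so only the real host is inspected
    return tld_of_host(parts.hostname or "") in FILE_LIKE_TLDS


def flag_message(text):
    """Return (token, reason) findings for one chat or e-mail message."""
    findings = []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;)")
        if is_file_like_tld_url(url):
            tld = tld_of_host(urlsplit(url).hostname or "")
            findings.append((url, "explicit link to a .%s domain" % tld))
    # Remove explicit URLs first so a path like example.com/Results.zip is not
    # mistaken for a bare file name.
    stripped = URL_RE.sub(" ", text)
    for m in BARE_TOKEN_RE.finditer(stripped):
        findings.append(
            (m.group(1), "bare file name that clients may auto-link to a web domain")
        )
    return findings


if __name__ == "__main__":
    # Constructed sample messages modelled on the scenario in the article.
    for msg in ("Please grab Results.zip from the share",
                "see http://Results.zip now",
                "https://example.com/Results.zip"):
        print(repr(msg), "->", flag_message(msg))
```

A gateway would typically quarantine or rewrite the first two messages and leave the third alone, since its host is an ordinary domain and .zip is merely part of the path.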
