Email security, Vulnerability Management

New phishing campaign exploits .ZIP domain

Attackers have been using the new "file archive in the browser" phishing technique, which builds realistic phishing pages that masquerade as legitimate file archive software; hosting the page on a .ZIP domain makes the scheme look more legitimate, reports The Hacker News. The technique could be used for credential harvesting, according to a report from security researcher mr.d0x.

"Another interesting use case is listing a non-executable file and when the user clicks to initiate a download, it downloads an executable file. Let's say you have an 'invoice.pdf' file. When a user clicks on this file, it will initiate the download of a .exe or any other file," said mr.d0x.

Google's introduction of .ZIP and .MOV among its eight new top-level domains has raised phishing-related concerns, with Trend Micro researchers noting the prevalence of ZIP file use in initial attack stages. "Beyond ZIP archives being used as a payload, it's also likely that malicious actors will use ZIP-related URLs for downloading malware with the introduction of the .zip TLD," said Trend Micro.
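As an added example (not from the article or the researchers it cites), this Python code shows one way a mail or web gateway could review the links in an HTML body for the two patterns described above: a host under the .zip or .mov TLD, and a displayed file name whose extension differs from the executable the link points to. The TLD and extension lists, the function names and the sample markup are assumptions made for the illustration.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy values for this example; tune them to your environment.
WATCHED_TLDS = {"zip", "mov"}
EXECUTABLE_EXTS = {".exe", ".scr", ".msi", ".bat", ".js"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _ext(name):
    return posixpath.splitext(name.lower())[1]

def review_links(html):
    """Return (href, reasons) for each link matching either pattern."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        # hostname is already lower-cased; drop a trailing root dot.
        tld = (parts.hostname or "").rstrip(".").rpartition(".")[2]
        shown, target = _ext(text), _ext(parts.path)
        reasons = ["watched-tld"] if tld in WATCHED_TLDS else []
        # Visible name claims one file type, the URL path is an executable.
        if target in EXECUTABLE_EXTS and shown not in ("", target):
            reasons.append("extension-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample markup; the hostnames are placeholders, not indicators.
SAMPLE = """<a href="https://constructed-sample.zip/">Open archive</a>
<a href="https://cdn.example.com/dl/invoice.exe">invoice.pdf</a>
<a href="https://docs.example.com/report.pdf">report.pdf</a>"""
```

A hit on either rule is a triage signal rather than a verdict: legitimate sites can register .zip domains, and a link can redirect to an executable without showing it in the path.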
