"Clever 'File Archiver in the Browser' Phishing Trick Uses ZIP Domains"

A new 'File Archivers in the Browser' phishing kit exploits ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser in order to trick users into launching malicious files. Google recently began allowing the registration of ZIP Top-Level Domains (TLDs) for hosting websites and email addresses. Since the release of the ZIP TLD, there has been a major debate regarding whether they pose a cybersecurity risk to users. While some experts believe the fears are exaggerated, the primary concern is that some websites will automatically convert a string ending in '.zip,' such as setup.zip, into a clickable link that could be used for malware distribution or phishing attacks. For example, sending someone instructions on downloading a file named setup.zip, Twitter will automatically turn setup.zip into a link, leading them to believe they should click it to download the file. This article continues to discuss the phishing toolkit developed by a security researcher involving ZIP domains.  

Bleeping Computer reports "Clever 'File Archiver in the Browser' Phishing Trick Uses ZIP Domains"