Recently, Google released a number of new top-level domains (TLDs), including. .dad, .phd, .mov, and .zip Of these, we find .Zip to be the most unexpected. If this tells you anything, it’s that, it resembles the extension by the same name, which lets you compress files and folders on your computer. The Mountain View company’s decision inevitably caused cybersecurity professionals to worry, and their worries quickly came to pass.
In fact, mr.D0x recently explained how hackers might create a phishing campaign based on this new domain name. The technique is fairly obvious: all it takes is tricking the victim into thinking they are using a zip file-supporting application when they are actually using a website.
Here’s how hackers can trick you with a fake file. zipper
To accomplish this, all you need are the fundamentals of web development. Create a site that will fool its intended audience by, for instance, pretending to be a well-known program like WinRAR, 7-ZIP, or even the file explorer. With Windows. The victim will arrive at this website when attempting to open a file. To gain access to its contents.
Afterward, mr.D0x imagines that this website might show a fake file that would prompt the target to enter their credentials in order to access the content. The hacker could get his personal information back in this way. Alternately, hackers might suggest that it would be possible to download the file in question, only to replace it with an executable file or a PDF document infected with malware.
He also added that “If the user searches for mrd0x.zip and it doesn’t exist on the machine, it will automatically open it up in the browser. This is perfect for this scenario since the user would be expecting to see a ZIP file”. he also added An example of a phishing email that could be sent to an unsuspecting target.
and he said: Once the user performs this, it will auto-launch the .zip domain which has the file archive template, appearing pretty legitimate
For the latter, only one viable solution exists to fight against these practices: it is absolutely necessary that Google blocks domain names. According to him, phishing campaigns are already underway.
Source: mr.d0x
