Browser-Based File Archiver: A New Era in Phishing Techniques
The cybersecurity world is a fast-paced field where attackers are constantly developing new and more sophisticated techniques. One recent technique is particularly noteworthy: the “browser-based file archiver”. It can be used to “mimic” file archiving software in a web browser when a victim visits a .ZIP domain name.
Mechanism of the Phishing Attack
This new phishing attack relies on an attacker’s ability to mimic file archiving software (for example, WinRAR) in a browser. Attackers can create a realistic-looking phishing landing page using HTML and CSS and host it on a .zip domain name. This technique could further bolster attackers’ social engineering campaigns.
In a potential attack scenario, an attacker could use this trick to redirect users to a credential harvesting page when a file in the fake ZIP archive is clicked. This could be used to steal sensitive information from users. In addition, when a user searches for a non-existent .ZIP file in the Windows File Explorer search bar, File Explorer opens it directly in the web browser if the file name corresponds to a legitimate .zip domain name. This fits the scenario well, because the user is expecting to see a ZIP file.
New Top-Level Domains and the Phishing Threat
This development comes at a time when Google is releasing new top-level domain names (TLDs), among which are “.zip” and “.mov”. This has raised concerns that these TLDs invite phishing and other types of online fraud.
.ZIP and .MOV are both legitimate file extension names, which could entice unsuspecting users to visit a malicious website and inadvertently download malware instead of opening a file.
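As an added defensive example (not from the original article), the Python code below separates requests whose destination host sits in a .zip or .mov TLD from ordinary downloads of a .zip file on another domain, which a plain substring match on ".zip" would confuse. The log line format, the function names and the sample hostnames are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# TLDs named in the article that double as file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

def host_of(value: str) -> str:
    """Return the lowercase hostname of a URL or of a bare host string."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value        # make urlsplit treat it as a network location
    host = urlsplit(value).hostname or ""
    return host.rstrip(".")         # drop the trailing dot of a fully qualified name

def is_file_like_domain(value: str) -> bool:
    """True when the host itself (not the URL path) ends in a file-extension TLD."""
    labels = host_of(value).split(".")
    return len(labels) >= 2 and labels[-1] in FILE_LIKE_TLDS

def flag_requests(log_lines):
    """Return (user, url) pairs for log lines whose destination is a file-like TLD.

    Assumed (constructed) line format: '<timestamp> <user> <method> <url>'.
    Lines that do not match the format are skipped.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _, user, _, url = parts
        if is_file_like_domain(url):
            hits.append((user, url))
    return hits

# Constructed sample proxy log lines; hostnames are placeholders, not real indicators.
SAMPLE_LOG = [
    "2023-05-29T10:01:02Z alice GET https://downloads.example.com/tools/setup.zip",
    "2023-05-29T10:01:09Z bob GET http://constructed-sample-archive.zip/",
    "2023-05-29T10:02:41Z carol GET https://Constructed-Sample-Clip.MOV:443/index.html",
    "2023-05-29T10:03:00Z dave GET https://example.org/page?file=report.zip",
    "malformed line",
]

if __name__ == "__main__":
    for user, url in flag_requests(SAMPLE_LOG):
        print(f"review: {user} -> {url}")
```

Only the second and third sample lines are flagged; the first and fourth are normal requests where ".zip" appears in the path or query rather than in the hostname.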
Increase and Evolution in Phishing Attacks
This discovery comes after cybersecurity company Group-IB reported a 25% increase in the use of phishing kits in 2022. Particularly noteworthy was the increase in the use of Telegram for collecting stolen data, which nearly doubled from 5.6% in 2021 to 9.4% in 2022.
Phishing attacks are also becoming more sophisticated, with cybercriminals increasingly focusing on equipping kits with detection evasion capabilities such as antibots and dynamic directories. This allows attackers to target their victims more effectively and bypass security measures.
Conclusion: Constant Vigilance and Updating of Security Practices
This new phishing technique is a wake-up call in the world of cybersecurity. Attackers are constantly developing new and more sophisticated techniques, and this is one of the latest examples of their efforts. Therefore, it is necessary for both individual users and institutions to continuously strive to keep their security practices up-to-date and to be vigilant against potential threats.
Source: [The Hacker News](https://thehackernews.com/2023/05/dont-click-that-zip-file-phishers.html)