Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains
2023-05-28 15:18

A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files.

D0x has developed a clever phishing toolkit that lets you create fake in-browser WinRAR instances and File Explorer windows that are displayed on ZIP domains to trick users into thinking the real applications have been opened.

"With this phishing attack, you simulate a file archiver software in the browser and use a .zip domain to make it appear more legitimate," explains a new blog post by the researcher.

D0x also created another variant that displays a fake in-browser Windows File Explorer pretending to open a ZIP file.

As Windows does not show file extensions by default, the user will just see a PDF file in their downloads folder and potentially double-click on it, not realizing it's an executable.

If someone registers a .zip domain that matches a common file name and a user then searches for that file name in Windows, the operating system will automatically open the site in the browser.
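For defenders, the two behaviours described above can be checked in web proxy or download logs. The following is an added example, not code from the article or the researcher's toolkit; the extension lists, the log format and the host names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed lists for illustration; tune them to your environment.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "msi", "hta"}

def is_zip_tld(url):
    """True when the host itself is under the .zip TLD (not a path ending in .zip)."""
    parsed = urlsplit(url if "//" in url else "//" + url)
    host = (parsed.hostname or "").rstrip(".").lower()
    return host.endswith(".zip")

def hidden_executable(filename):
    """True when the name shows a document extension but really ends in an
    executable one: 'invoice.pdf.exe' is displayed as 'invoice.pdf' when
    Windows hides known file extensions."""
    parts = filename.lower().rstrip(". ").split(".")
    return (len(parts) >= 3
            and parts[-1].strip() in EXEC_EXTS
            and parts[-2].strip() in DOC_EXTS)

# Constructed sample log: timestamp, user, requested URL, downloaded file ("-" = none).
SAMPLE_LOG = """\
2023-05-28T10:01:02 alice https://setup.zip/ invoice.pdf.exe
2023-05-28T10:02:10 bob https://example.com/files/setup.zip setup.zip
2023-05-28T10:03:55 carol https://photos.zip/ -
2023-05-28T10:04:30 dave https://example.org/report report.pdf
"""

def triage(log_text):
    """Return (user, url, reasons) for every line that matches either check."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, user, url, fname = line.split(maxsplit=3)
        reasons = []
        if is_zip_tld(url):
            reasons.append("zip-tld-host")
        if fname != "-" and hidden_executable(fname):
            reasons.append("hidden-executable")
        if reasons:
            findings.append((user, url, reasons))
    return findings

if __name__ == "__main__":
    for user, url, reasons in triage(SAMPLE_LOG):
        print(f"{user}\t{url}\t{', '.join(reasons)}")
```

The second log line is deliberately not flagged: an ordinary site serving a file named `setup.zip` is different from a site hosted at the domain `setup.zip`.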


News URL

https://www.bleepingcomputer.com/news/security/clever-file-archiver-in-the-browser-phishing-trick-uses-zip-domains/