{"id":16512,"date":"2023-08-03T10:31:01","date_gmt":"2023-08-03T10:31:01","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=16512"},"modified":"2023-08-03T10:41:52","modified_gmt":"2023-08-03T10:41:52","slug":"are-zip-domains-safe","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/are-zip-domains-safe\/","title":{"rendered":"Are .zip Domains Safe to Use and Visit?"},"content":{"rendered":"

The Internet has become our second home. Every time we surf the Internet, we scammed. And this time, cybercriminals did not miss their chance to deceive us using a new “.zip” domain.<\/p>\n

What’s a .zip domain?<\/h2>\n

Some time ago, Google allowed new Top Level Domain (TLD) names for registration. Those are .zip, .mov, and .phd. Now everyone can buy a domain with the .zip extension, just like purchasing domains with .com or .org extensions. However, the security community has expressed concerns<\/strong> about the potential risks associated with these new TLD.<\/p>\n

Experts have discovered that cybercriminals are using .zip domains<\/strong> to deceive users into believing that they are downloadable files when they are URLs. Research indicates that one-third of the top 30 .zip domains can be blocked by our threat detection engines utilize the names of prominent tech companies<\/strong>, including Microsoft, Google, Amazon, and Paypal, to fool people into thinking they are trustworthy files associated with these reputable companies.<\/p>\n

\"top<\/p>\n

Earlier, such concerns appeared about TLDs like .xyz, .online, .biz, .info, .ru, .life, and .site. However, they were mostly true \u2013 the vast majority of sites using these domains were used in phishing<\/a>, shopping scams and pop-up advertisements spam. This time, however, things could be worse<\/strong>. <\/p>\n

Security Risks of .Zip Domain <\/h2>\n

These .zip domains are blurring the lines between a file and a website<\/strong> and making it harder to tell what’s what. One primary concern is the potential for file mix-ups, which can make it hard to tell apart local and remote sources, posing a security threat. Cybercriminals have created a prototype email that considers the possibility that the attachment and the link could lead to different places<\/strong>. This ensures better accuracy and avoids confusion for the recipient.<\/p>\n

\"Security
Email that Cybercriminals might have crafted for use<\/figcaption><\/figure>\n

This is an example of a common scam<\/a> created by cybercriminals. They send an email with an attachment named \"attachment.zip,\"<\/code> claiming it is a necessary software update. The email contains a link that seems to open the attachment but actually leads to a remote URL<\/strong>. It’s a sneaky tactic used to deceive unsuspecting users.<\/p>\n

The Browser file archiver<\/h2>\n

There is a phishing kit called \"file archiver in the browser\"<\/code> that uses ZIP domains to trick users into running malicious files. This attack makes fake WinRAR or Windows File Explorer<\/strong> windows appear in the browser, making it seem like the user is using actual software. Also, to make it even more convincing, the attackers are using a .zip domain. A security researcher recently discovered this phishing tactic.<\/p>\n

\"The
Fake in-browser WinRar screen pretending to open a ZIP archive<\/figcaption><\/figure>\n

With the toolkit, it is possible to create a fake WinRar window within the browser that appears to open a ZIP archive and show its contents when accessing a .zip domain. But, this can be used to deceive users<\/strong>.
\nIn conclusion, threat actors may use this phishing toolkit to steal credentials and distribute malware.<\/p>\n

What are .zip domain phishing risks?<\/h2>\n

Security researchers have warned that domains using the “.zip” top-level and similar domains increase the chances of exposing sensitive information<\/strong> due to accidental DNS<\/a> or web requests. With the new .zip TLDs, internet browsers and messaging applications like Telegram recognize strings that end with .zip as URLs and automatically create hyperlinks.<\/p>\n

It has been found that these domains are susceptible to abuse<\/strong>, as evidenced by Silent Push Labs. This cyber intelligence firm recently detected a phishing page at microsoft-office[.]zip. This page designed to steal Microsoft Account credentials.<\/p>\n

\nhttps:\/\/twitter.com\/silentpush_labs\/status\/1657370708173783041?s=20<\/p>\n

There is a debate among developers, security researchers, and IT administrators regarding the recent developments. Some believe the concerns surrounding the ZIP and MOV top-level domains (TLDs) are unfounded<\/strong>. In contrast, others think these TLDs pose an avoidable risk in an already precarious online environment.<\/p>\n

Recommendations<\/h2>\n

Be cautious of websites with a .zip Top-Level Domain (TLD), as they may contain harmful content.<\/p>\n