In May, Google introduced several new domains, including .zip and .mov, which will eventually be used by cybercriminals to create persuasive phishing links. Yaroslav Kargalev, head of the Center for Security Operations of F.A.C.C.T. (the former Russian division of Group-IB), told socialbites.ca about this.
The danger of the new domains is that they coincide with popular file extensions. For example, .zip is a well-known data archiving format, while .mov is a video file format. As a result, Kargalev explained, scammers can use the new domains to disguise links to malicious files as email attachments.
“Cybercriminals are likely to use domains in the .zip region to send malware. For example, the victim receives a message with a ‘very important file’, clicks on a visually valid link, and downloads malware. Similar scenarios with the .mov domain region may happen, only the victim will be asked to watch the video,” explained the expert.
Kargalev believes that .zip and .mov-based scams will not become a mass phenomenon because these domains are expensive. Mass phishing typically relies on free domain zones such as .tk. According to him, .zip and .mov domains will be used in relatively rare targeted attacks against employees of various companies, with the aim of gaining access to their personal data and corporate information systems.
“We have already documented a case where attackers used the .zip domain. The phishing site in the designated domain region copied Microsoft Internet resources,” the expert added.
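A defender-side check for the disguise described above, as an added example that is not from the article or the expert quoted: it flags links in a message body whose hostname sits in .zip or .mov, and bare names that can be read as either a file or a domain, while leaving ordinary download links that merely end in `.zip` alone. The function name, regexes and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article that collide with common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Bare tokens such as "report.zip": a file name to the reader, a valid domain to a resolver.
BARE_RE = re.compile(
    r"(?<![\w/@.-])((?:[a-z0-9-]+\.)+(?:zip|mov))(?![\w-])(?!\.\w)", re.IGNORECASE
)

def flag_file_like_links(body):
    """Return (kind, text, host) tuples for links that imitate file names."""
    findings = []
    for m in URL_RE.finditer(body):
        url = m.group(0).rstrip(".,;")
        try:
            host = (urlsplit(url).hostname or "").rstrip(".").lower()
        except ValueError:  # malformed authority part, nothing to classify
            continue
        # Only the hostname decides; a path ending in .zip on another TLD is a normal download.
        if host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS:
            findings.append(("url", url, host))
    # Drop explicit URLs first so their path components are not reported twice.
    for m in BARE_RE.finditer(URL_RE.sub(" ", body)):
        findings.append(("ambiguous-name", m.group(1), m.group(1).lower()))
    return findings

# Constructed sample message; the hostnames are placeholders, not observed indicators.
SAMPLE = (
    "Hi, the very important file is here: https://quarterly-report.zip/ \n"
    "Mirror: https://files.example.com/docs/quarterly-report.zip\n"
    "Video walkthrough at onboarding.mov.\n"
)

if __name__ == "__main__":
    for finding in flag_file_like_links(SAMPLE):
        print(finding)
```
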