New phishing technique poses as a browser-based file archiver

The new technique has a hacker simulate an archiving app in the web browser to trick victims as they try to access a .zip domain.

A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving application in the web browser when a victim visits a .zip domain, according to a security researcher identifying as mr.d0x.

The attacker essentially simulates a file archiving application like WinRAR in the browser and masks it under the .zip domain to stage the phishing attack.

“Performing this attack first requires you to emulate a file archive software using HTML/CSS,” said mr.d0x in a blog post. “I’ve uploaded two samples to my GitHub for anyone to use. While the first one emulates the WinRAR file archive utility, the other one emulates the Windows 11 File Explorer window.”