Hackers are using a devious new trick to infect your devices

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

But the reason why .zip and .mov have generated such controversy is that they impersonate popular file extensions used on Windows and macOS computers. That makes them ripe for malevolent trickery.

Google provided Digital Trends with the following statement on the topic:

“The risk of confusion between domain names and file names is not a new one. For example, 3M’s Command products use the domain name, which is also an important program on MS DOS and early versions of Windows. Applications have mitigations for this (such as Google Safe Browsing), and these mitigations will hold true for TLDs such as .zip. At the same time, new namespaces provide expanded opportunities for naming such as and Google takes phishing and malware seriously and Google Registry has existing mechanisms to suspend or remove malicious domains across all of our TLDs, including .zip. We will continue to monitor the usage of .zip and other TLDs and if new threats emerge we will take appropriate action to protect users.”

Many messaging apps and social media websites automatically convert a word ending in a TLD to a website link, meaning that simply telling a friend about a file you want to send them could transform your words into a clickable URL. If a hacker has already registered that URL and is using it for nefarious purposes, your friend could be sent to a harmful website.

Bleeping Computer demonstrated the problem with an example message that read, “First extract the file and then look for Once you have the file, double-click on it to watch the video.” If a hacker has registered the and domains, the message recipient could visit the link in the message and find themselves at risk of downloading an infected file. After all, they might naturally expect that the URL they visit will contain the file they’ve been told to download.
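The two checks a defender would want from the scenario above, as an added example that is not part of the original article: one function simulates what a chat client's autolinker does to filename-like words ending in .zip or .mov, the other applies the article's "does this domain really belong to the company?" test to a URL. The sample message and the `example-corp.zip` trusted domain are constructed for illustration.

```python
from __future__ import annotations
import re
from urllib.parse import urlparse

# TLDs the article discusses; both collide with common file extensions.
FILE_EXTENSION_TLDS = {"zip", "mov"}

# A bare token an autolinker would treat as a hostname: dot-separated labels
# ending in .zip/.mov. The lookbehind skips tokens already inside a URL, an
# e-mail address or a longer word (those are handled by classify_url below).
_TOKEN_RE = re.compile(r"(?<![\w/.@-])((?:[A-Za-z0-9-]+\.)+(zip|mov))\b", re.IGNORECASE)


def find_autolink_risks(message: str) -> list[dict]:
    """Return filename-like words that a messaging app would turn into
    clickable .zip/.mov URLs, together with the URL they would resolve to."""
    findings = []
    for match in _TOKEN_RE.finditer(message):
        token, tld = match.group(1), match.group(2).lower()
        findings.append({"token": token, "tld": tld,
                         "autolinks_to": f"https://{token.lower()}/"})
    return findings


def classify_url(url: str, trusted_domains: set[str]) -> str:
    """Apply the article's advice: a host under .zip/.mov is only safe to
    click when it is (or is a subdomain of) a domain known to be the company's."""
    parsed = urlparse(url if "://" in url else "https://" + url)
    host = (parsed.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if host.rsplit(".", 1)[-1] not in FILE_EXTENSION_TLDS:
        return "ordinary-tld"
    if any(host == d or host.endswith("." + d) for d in trusted_domains):
        return "trusted"
    return "verify-before-clicking"


if __name__ == "__main__":
    # Constructed message in the style of the Bleeping Computer example.
    msg = "First extract photos-2023.zip and then look for vacation.mov. Double-click it."
    for f in find_autolink_risks(msg):
        print(f"{f['token']!r} would become a link to {f['autolinks_to']}")
    trusted = {"example-corp.zip"}  # constructed: the company's real domain
    for u in ("https://downloads.example-corp.zip/setup", "example-corp-login.zip"):
        print(u, "->", classify_url(u, trusted))
```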

Already being abused

The risk isn’t just theoretical. In fact, cybersecurity firm Silent Push Labs has already seen this kind of sleight of hand out in the wild, with phishing websites being created at and, which likely attempt to steal user login credentials by impersonating the official Microsoft website. Needless to say, you shouldn’t visit these websites due to the threat they pose.

Potential @Microsoft phishing page abusing the new .zip top-level domain 🚨

Hosted on 151.80.119[.]120 → AS16276 @as16276


— Silent Push Labs (@silentpush_labs) May 13, 2023

While there are plenty of legitimate uses for the .zip and .mov domains, such as for file compression apps or video-streaming platforms, there also appears to be potential for abuse — something that hackers are apparently already taking advantage of.

If you see a link that ends in .zip or .mov and it appears to be linked to a large company, first research that the domain actually belongs to that company before clicking on the link. In fact, you shouldn’t visit any website or download any file sent by someone you do not trust, regardless of whether the .zip or .mov TLDs are involved. Using an antivirus app and a healthy dose of skepticism should go a long way to mitigating the myriad threats online — including from hackers making use of these new domains.

Alex Blake