In a developing cybersecurity concern, IT experts and researchers warn of potential misuse of Google’s new .zip and .mov top-level domains (TLDs), which they argue could be exploited for phishing attacks and malware distribution. Earlier this month, Google made available eight new TLDs, including .zip and .mov, igniting fears due to their common use as file extensions.
Typically, these extensions denote specific file types, such as ZIP archives and MPEG 4 videos. Now, however, with their adoption as TLDs, certain social media and messaging platforms may automatically transform filenames with these extensions into URLs, leading to potential security risks.
The issue arises when users, familiar with filenames linked to downloads, perceive these automatically generated URLs as safe, trustworthy sources. A threat actor owning a .zip domain with the same name as a ‘linkified’ filename could lure individuals into visiting the site, where they might fall victim to phishing scams or inadvertently download malware.
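A mail or chat gateway can flag this ambiguity before a client linkifies it. The sketch below is an added example, not code from the article or from Google; the function name, the sample message and the hostnames in it are constructed, and the TLD set holds only the two TLDs named above.

```python
import re

# The two TLDs named in the article that double as file extensions.
FILE_EXTENSION_TLDS = {"zip", "mov"}

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Optional scheme, then a hostname-shaped token. The lookbehind skips tokens
# that are part of a path, an e-mail address or a longer word.
_TOKEN = re.compile(
    rf"(?<![\w@/.-])(?P<scheme>https?://)?"
    rf"(?P<host>(?:{_LABEL}\.)+(?P<tld>[a-z]+))(?![\w-])",
    re.IGNORECASE,
)

# Constructed sample message (hypothetical names, not taken from the article).
SAMPLE_MESSAGE = (
    "Please open backup-2023.zip and Quarterly_Report.zip, then watch demo.mov. "
    "Docs: https://example.com/files/setup.zip and https://setup.zip/login"
)


def find_ambiguous_names(text):
    """Return hostname-shaped tokens that end in a file-extension TLD.

    kind is "url" when the sender wrote an explicit scheme, and
    "bare-filename" when the token is plain text that a linkifier
    could turn into a clickable link to whoever registered the name.
    """
    findings = []
    for m in _TOKEN.finditer(text):
        if m.group("tld").lower() not in FILE_EXTENSION_TLDS:
            continue
        kind = "url" if m.group("scheme") else "bare-filename"
        findings.append(
            {"token": m.group(0), "host": m.group("host").lower(), "kind": kind}
        )
    return findings


if __name__ == "__main__":
    for finding in find_ambiguous_names(SAMPLE_MESSAGE):
        print(finding)
```

`Quarterly_Report.zip` is not reported because an underscore is not valid in a hostname label, and `setup.zip` inside the `example.com` path is not reported because there it is a path component rather than a host.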
Although the probability of threat actors registering numerous domains to ensnare a handful of victims seems low, the ramifications could be severe if even a single corporate employee mistakenly installs malware, thereby jeopardizing an entire network. Already, a suspected phishing page has been discovered on a .zip domain.
Consequently, the introduction of these TLDs has stirred up a debate among developers, security researchers, and IT administrators. Some argue that the risks are overstated, while others maintain that they contribute unnecessary dangers to an already precarious online environment.
Despite these apprehensions, the Public Suffix List (PSL) community has defended the validity of these TLDs, contending that their removal from the PSL would impact the functioning of legitimate sites. Google, when asked about these concerns, stressed that the confusion between file and domain names isn’t a new issue, and assured that protective measures are in place within browsers to safeguard users.