The "window" looks like it has a list of PDF or EPUB files. When you click one to "open" it, you are prompted to enter your Microsoft or Google credentials or download an executable ( .exe ) file that installs malware on your system. Why This Works (and Why It’s Scary)
Security researchers have identified a clever new phishing technique called the "File Archiver in the Browser". Here is how a typical scam might play out: Ebooks.zip
This attack leverages over 30 years of "Pavlovian behavior". We trust .zip files. Furthermore, many messaging platforms and email clients automatically turn text ending in .zip into a clickable link, making it even easier for users to stumble into these traps. The "window" looks like it has a list of PDF or EPUB files
Below is a draft blog post addressing this topic from a security-awareness perspective. Here is how a typical scam might play
You receive an email or see a social media post offering a free collection of ebooks with a link that reads ebooks.zip .