Water Curse’s Open-Source Malware Trap on GitHub - Trend Micro

The attacker establishes trust, perhaps by posing as a recruiter or a business partner.

Inside the .zip file, there is typically a hidden script or executable (like a .lnk or .exe file) that installs an "infostealer".

Zip files are a top-tier vector for delivering malware because they can bypass some simple email filters and hide executable scripts. Similar campaigns, such as the or Water Curse campaigns, often follow this pattern:

Once executed, the malware can steal your passwords, browser data, and session tokens. Essential Safety Steps