2023-08-27 08:36:58
The development team behind the popular file compression tool WinRAR recently released a patch to address a so-called zero-day vulnerability. The vulnerability allowed hackers to install malicious software on victims’ computers. And then through this they could steal their crypto or other funds. The vulnerability of WinRaR could not have been widespread until August 23, when the Singapore cyber security company Group-IB first reported the bug in the WinRAR ZIP file processing code. The vulnerability, known as CVE-2023-38831, was exploited for nearly four months. Hackers were able to install the malware when the victim clicked on a file in a compressed archive. Starting in April 2023, the bug was exploited, for which specific RAR and ZIP files were distributed on trading forums. For example, the files were called “best trading strategy for bitcoin” and the like. And the compressed file contained innocent-looking JPGs or TXTs. According to Group-IB’s report, such files appeared on at least 8 public forums and managed to infect at least 130 machines. There is no information on actual financial damages. As soon as someone downloaded the file from the forum and opened it, it immediately installed malware software called DarkMe, GuLoader or Remcos RAT on the computer. DarkMe is specifically known for its attacks against cryptos. Whoever ran into the attack, the attackers were able to access the plane of the person from a distance. RARLABS, the company behind WINRaR, finally patched the vulnerability in version 6.23 on August 2nd.
1693127337
#Attackers #infect #computers #WinRaR