Are you an avid WinRAR user? Then you should update your software now, especially if you own cryptocurrency. A zero-day vulnerability in WinRAR allowed hackers to break into cryptocurrency trading accounts, and cybercriminals have been actively exploiting it since April. The same vulnerability can also be used to install other types of malware on your system.
This is how the vulnerability works
You open a malicious ZIP file in WinRAR, the default program for all compressed file formats on your computer (assuming WinRAR is installed, of course). The archive is full of seemingly harmless documents: PDFs, text files, and JPG images. You double-click one of them, and it opens as expected. But unbeknownst to you, WinRAR has also been tricked into downloading a background script that installs malware, which the attackers can use to steal money from brokerage accounts.
As Bleeping Computer reports, WinRAR version 6.23 fixes this and other issues, for example a security vulnerability that allows commands to be executed when opening certain types of RAR files. The new version of WinRAR was released on 2 August and should be available to all WinRAR users.
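Two things a defender can check from the description above: whether an archive that arrives as "a bundle of documents" also carries executable content, and whether the installed WinRAR is at least the 6.23 release that contains the fix. The script below is an added example written for this article, not code from PC-WELT, Group-IB or RARLAB. The lists of "document-like" and "executable" extensions, the version comparison and the sample archives are assumptions constructed for the demonstration; the archive heuristic is a generic triage aid, not the exact detection signature for CVE-2023-38831.

```python
import io
import re
import zipfile
from typing import Dict, List

# Entry types the article describes: decoy documents a victim would happily
# open, and the script/executable that actually runs. Both sets are assumptions
# for this heuristic, not a list from the article or from Group-IB.
DOCUMENT_EXTS = {".pdf", ".txt", ".jpg", ".jpeg", ".png", ".docx", ".xlsx"}
EXECUTABLE_EXTS = {".cmd", ".bat", ".vbs", ".js", ".ps1", ".exe", ".scr", ".lnk"}

FIXED_WINRAR_VERSION = "6.23"  # version the article says contains the fix


def _extension(name: str) -> str:
    """Lower-cased extension of an archive entry, ignoring any folder prefix."""
    base = name.rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot >= 0 else ""


def triage_zip(data: bytes) -> Dict[str, object]:
    """Inspect a ZIP held in memory and report whether it mixes decoy
    documents with executable content. Nothing is extracted or run."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    documents: List[str] = [n for n in names if _extension(n) in DOCUMENT_EXTS]
    executables: List[str] = [n for n in names if _extension(n) in EXECUTABLE_EXTS]
    return {
        "entries": names,
        "documents": documents,
        "executables": executables,
        # A documents-only archive is what the victim believes they opened;
        # documents plus a script is the combination worth a second look.
        "suspicious": bool(documents) and bool(executables),
    }


def winrar_is_patched(version: str, fixed: str = FIXED_WINRAR_VERSION) -> bool:
    """True if a WinRAR version string is at least the fixed release.
    Compares the first two numeric components only, so
    '6.02' < '6.22' < '6.23' <= '7.01'; beta suffixes are ignored."""
    def parts(v: str):
        return tuple(int(p) for p in re.findall(r"\d+", v)[:2])
    return parts(version) >= parts(fixed)


def build_sample_zip(entries: Dict[str, bytes]) -> bytes:
    """Construct a small ZIP in memory from {name: content} (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives: one that contains only documents, one that also
# carries a batch script in a sub-folder. All contents are placeholders.
BENIGN_ARCHIVE = build_sample_zip({
    "trading-strategy.pdf": b"%PDF-1.4 placeholder",
    "readme.txt": b"placeholder notes",
})
SUSPICIOUS_ARCHIVE = build_sample_zip({
    "trading-strategy.pdf": b"%PDF-1.4 placeholder",
    "trading-strategy/launcher.cmd": b"@echo placeholder",
    "chart.jpg": b"\xff\xd8\xff placeholder",
})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ARCHIVE), ("suspicious", SUSPICIOUS_ARCHIVE)):
        print(label, triage_zip(blob))
    for v in ("6.02", "6.22", "6.23", "7.01"):
        print("WinRAR", v, "patched:", winrar_is_patched(v))
```

`triage_zip` only reads the central directory, so it can be run over a mail gateway quarantine or a download folder without opening any entry; the version helper is meant to be fed the version string read from the WinRAR installation on each machine in an inventory sweep.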
Group-IB (via Bleeping Computer)
Security firm Group-IB discovered this vulnerability (registered as CVE-2023-38831) while tracking the spread of the DarkMe malware family, which has been linked to attacks on financial software in the past. The infected archive files, posted on cryptocurrency and stock trading forums, contain DarkMe and other malware families such as GuLoader and Remcos.
The latter two families allow further malware to be downloaded and installed on the computer, giving the attacker the ability to execute arbitrary commands, record keystrokes, capture the screen, manage files, and more.
At the time of the Group-IB report, 130 traders had been confirmed infected. The archive files had been shared on at least eight forums, all under the guise of helping others increase their income. The full number of victims and the amount of financial damage are not yet known.
This WinRAR attack is a reminder never to download and open unknown files from the Internet. The vulnerability can also be seen as an incentive to upgrade to Windows 11, which will soon support compressed file formats such as RAR, 7-Zip and gz natively, without the need for third-party software. Tip: You can get Windows 11 Pro from PC-WELT for €70 instead of €259.
This article originally appeared here on our sister publication PC-World and we’ve translated it.