Security News > 2020 > December > Hackers can use WinZip insecure server connection to drop malware
The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users.
WinZip has been a long-standing utility for Windows users with file archiving needs beyond the support built in the operating system.
WinZip is currently at version 25 but earlier releases check the server for updates over an unencrypted connection, a weakness that could be exploited by a malicious actor.
Given the insecure nature of the communication channel, Rakhmanov says that the traffic can be "Grabbed, manipulated, or hijacked" by an attacker on the same network as the WinZip user.
This will stop the client from querying the WinZip server for the availability of a new version.
News URL
Related news
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Fake OnlyFans cybercrime tool infects hackers with malware (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)