Security News > 2023 > August > WinRAR zero-day exploited since April to hack trading accounts

WinRAR zero-day exploited since April to hack trading accounts
2023-08-23 13:53

A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.

The vulnerability has been under active exploitation since April 2023, helping distribute various malware families, including DarkMe, GuLoader, and Remcos RAT. The WinRAR zero-day vulnerability allowed the threat actors to create malicious.

In a report released today, researchers from Group-IB said they discovered the WinRAR zero-day being used to target cryptocurrency and stock trading forums, where the hackers pretended to be other enthusiasts sharing their trading strategies.

These forum posts contained links to specially crafted WinRAR ZIP or RAR archives that pretended to include the shared trading strategy, consisting of PDFs, text files, and images.

The vulnerability is triggered by creating specially crafted archives with a slightly modified structure compared to safe files, which causes WinRAR's ShellExecute function to receive an incorrect parameter when it attempts to open the decoy file.

Users of WinRAR are urged to upgrade to the latest version, version 6.23 at the time of this writing, as soon as possible to eliminate the risk of file spoofing and other recently-disclosed attacks.


News URL

https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-38831 Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.
local
low complexity
rarlab CWE-345
7.8