Security News > 2023 > August > WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal.
The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files.
In attacks discovered by the Singapore-based firm in July 2023, specially crafted ZIP or RAR archive files distributed via trading-related forums such as Forex Station have been used to deliver a variety of malware families such as DarkMe, GuLoader, and Remcos RAT. "After infecting devices, the cybercriminals withdraw money from broker accounts," Group-IB malware analyst Andrey Polovinkin said, adding as many as 130 traders' devices have been compromised as part of the campaign.
The booby-trapped archive file is created such that it contains an image file as well as a folder with the same name.
As a result, when a victim clicks on the image, a batch script present within the folder is executed instead, which is then used to launch the next-stage, an SFX CAB archive designed to extract and launch additional files.
"Weaponized ZIP archives have been distributed on at least 8 popular trading forums, so the geolocation of victims is broad, and the attacks are not targeted at specific countries or industries."
News URL
https://thehackernews.com/2023/08/winrar-security-flaw-exploited-in-zero.html
Related news
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- WinRAR flaw bypasses Windows Mark of the Web security alerts (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-38831 | Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | 7.8 |