Fake WinRAR proof-of-concept exploit drops VenomRAT malware

A hacker is spreading a fake proof-of-concept exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
The fake PoC exploit was spotted by Palo Alto Networks' Unit 42 team of researchers, who reported that the attacker uploaded the malicious code to GitHub on August 21, 2023.
Spreading the WinRAR PoC
The fake PoC is for CVE-2023-40477, an arbitrary code execution vulnerability that can be triggered when specially crafted RAR files are opened in WinRAR versions before 6.23.
A threat actor operating under the name "Whalersplonk" moved fast to take advantage of the opportunity by spreading malware under the guise of exploit code for the new WinRAR vulnerability.
Unit 42 reports that the fake Python PoC script is actually a modification of a publicly available exploit for another flaw, CVE-2023-25157, a critical SQL injection flaw impacting GeoServer.
As the malware can be used to deploy other payloads and steal credentials, anyone who executed this fake PoC should change their passwords for all sites and environments where they have accounts.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-03 | CVE-2023-40477 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. | 0.0 |
2023-02-21 | CVE-2023-25157 | SQL Injection vulnerability in Osgeo Geoserver. GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |