Security News > 2023 > September > Fake WinRAR proof-of-concept exploit drops VenomRAT malware
A hacker is spreading a fake proof-of-concept exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
The fake PoC exploit was spotted by Palo Alto Networks' Unit 42 team of researchers, who reported that the attacker uploaded the malicious code to GitHub on August 21, 2023.
Spreading the WinRAR PoC. The fake PoC is for the CVE-2023-40477 vulnerability, an arbitrary code execution vulnerability that can be triggered when specially crafted RAR files are opened on WinRAR before version 6.23.
A threat actor operating under the name "Whalersplonk" moved fast to take advantage of the opportunity by spreading malware under the guise of exploit code for the new WinRAR vulnerability.
Unit 42 reports that the fake Python PoC script is actually a modification of a publicly available exploit for another flaw, CVE-2023-25157, a critical SQL injection flaw impacting GeoServer.
As the malware can be used to deploy other payloads and steal credentials, anyone who executed this fake PoC should change their passwords for all sites and environments they have accounts.
News URL
Related news
- SoumniBot malware exploits Android bugs to evade detection (source)
- CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers (source)
- North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign (source)
- Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-03 | CVE-2023-40477 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. | 0.0 |
| 2023-02-21 | CVE-2023-25157 | SQL Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |