Security News > 2023 > September > Fake WinRAR PoC spread VenomRAT malware
An unknown threat actor has released a fake proof of concept exploit for CVE-2023-4047, a recently fixed remote code execution vulnerability in WinRAR, to spread the VenomRAT malware.
The fake WinRAR PoC. On August 17, 2023, Trend Micro's Zero Day Initiative reported the RCE vulnerability that allowed threat actors to execute arbitrary code on an affected WinRAR installation.
The fake PoC is based on publicly available PoC code for a SQL injection vulnerability in GeoServer.
"Instead of exploiting the WinRAR vulnerability as it claims, the PoC script sets off an infection chain that will install a VenomRAT payload.".
"We do not think the threat actor created this fake PoC script to specifically target researchers. Rather, it is likely the actors are opportunistic and looking to compromise other miscreants trying to adopt new vulnerabilities into their operations," Falcone said.
"We believe the threat actor had created the infrastructure and payload separately from the fake PoC. Once the vulnerability was publicly released, the actors quickly created the fake PoC to use the severity of an RCE in a popular application like WinRAR to lure in potential victims."
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-01 | CVE-2023-4047 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. | 8.8 |