Are you an avid WinRAR user? Then you should update your archiver now, especially if you own cryptocurrencies. A zero-day vulnerability in WinRAR has allowed hackers to break into cryptocurrency trading accounts, and the cyber gangsters have been actively exploiting it since April. The same vulnerability could also be used to install other types of malware on your system.
How the vulnerability works
You open a malicious zip file in WinRAR, the default program for all compressed file formats on your PC (assuming you have WinRAR installed, of course). The file is full of seemingly harmless documents: PDFs, text files, JPG images. You double-click a file to open it, and it opens. But unbeknownst to you, WinRAR has also been tricked into loading a script in the background that installs malware that attackers can use to steal funds from brokerage accounts.
As Bleeping Computer reports, WinRAR version 6.23 fixes this and other issues, such as a vulnerability that allows the execution of commands when you open certain types of RAR files. The new WinRAR version was released on August 2nd and should be available for all WinRAR users.
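To check a Windows machine against the fixed release named above, the following PowerShell is an added example, not part of the original article. It assumes WinRAR was installed with its installer and registered itself under the standard Windows uninstall registry keys with a display name beginning with "WinRAR".

```powershell
# Added example: report installed WinRAR versions older than 6.23,
# the release the article names as containing the fix.
$FixedVersion = [version]'6.23'

# Standard per-machine (64-bit and 32-bit) and per-user uninstall keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WinRarStatus {
    param([version]$Fixed = $FixedVersion)

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |   # assumption: name starts with "WinRAR"
        ForEach-Object {
            $parsed = $null
            # Pull the leading dotted number out of strings such as "6.22.0".
            if ("$($_.DisplayVersion)" -match '\d+(\.\d+){1,3}') {
                $parsed = [version]$Matches[0]
            }
            $status = if (-not $parsed) {
                'Unknown version, check manually'
            } elseif ($parsed -lt $Fixed) {
                'Update required'
            } else {
                'At or above fixed release'
            }
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = $status
            }
        }
}

$found = @(Get-WinRarStatus)
if ($found.Count -eq 0) { 'No WinRAR installation registered on this machine.' }
else { $found | Format-Table -AutoSize }
```

Copies of WinRAR that were unpacked without the installer do not appear in these keys and have to be checked by the file version of the executable instead.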

Security company Group-IB discovered this vulnerability (tracked as CVE-2023-38831) while tracking the spread of the DarkMe malware family, which has been linked to attacks on financial software in the past. The infected archive files, published on cryptocurrency and stock trading forums, contained DarkMe and other malware families like GuLoader and Remcos.
The latter two families allow other malware to be downloaded and installed on the PC, giving the attacker the ability to execute arbitrary commands, record keystrokes, capture the screen, manage files, and more.
At the time of Group-IB's report, 130 traders had been confirmed to be infected. The archive files were shared on at least eight forums, all under the guise of helping others increase their income. At this time, the full number of victims and the amount of financial damage are not yet known.
This WinRAR attack is a reminder never to download and open files from unknown sources on the internet. The vulnerability can also be seen as an incentive to upgrade to Windows 11, which will soon natively support compressed file formats such as rar, 7-zip and gz, without the need for third-party software.
This article originally appeared here at our sister publication PC-World and has been translated by us.