WinRAR Vulnerability Affects Traders Worldwide
Cybersecurity researchers have exposed a zero-day vulnerability (CVE-2023-38831) in the popular WinRAR compression tool, which cyber-criminals have exploited to target traders on specialized forums.
The exploit allows threat actors to craft ZIP archives that contain malicious payloads, posing a significant risk to traders’ financial assets.
The Group-IB Threat Intelligence unit, while investigating the distribution of DarkMe malware in July 2023, stumbled upon the previously unknown vulnerability in WinRAR’s processing of the ZIP file format.
According to an advisory published earlier today by Andrey Polovinkin, a malware analyst at Group-IB, cyber-criminals have been using this vulnerability since April 2023 to create ZIP archives containing malware families including DarkMe, GuLoader and Remcos RAT.
Upon discovering this security flaw, Group-IB promptly notified RARLAB, the developers of WinRAR, about the issue. The company collaborated with the researchers and swiftly released a patch to address the vulnerability. MITRE Corporation assigned the vulnerability the identifier CVE-2023-38831 on August 15, 2023.
The exploit involves tricking users into opening seemingly harmless files, which then launch malicious scripts. Cyber-criminals are leveraging a tactic in which they spoof file extensions to hide the execution of malicious code within files that appear to be images or text documents. Group-IB explained that these malicious archives were posted on various trading forums and had infected at least 130 devices at the time of reporting.
Once a device is infected, the malware gives threat actors unauthorized access to the victim’s brokerage accounts, enabling them to withdraw funds. The financial losses incurred due to this vulnerability are still under investigation. Notably, the same vulnerability was reportedly used in the DarkCasino campaign previously described by NSFOCUS researchers.
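The extension-spoofing tactic described above leaves a trace in the archive's own listing: an entry whose final extension is a script or executable but whose name is dressed up as an image or text document, sometimes with whitespace padding so the real extension is pushed out of view. The triage helper below is an added example for defenders, not code from Group-IB or from this article; the archive it inspects is constructed in memory with placeholder contents, and the extension lists are assumptions a team would tune for its own environment.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists: extensions that make an entry look like a harmless document,
# and extensions that Windows hands to an interpreter or loader when opened.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".txt", ".pdf", ".doc", ".docx"}
EXEC_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".com"}


def suspicious_entries(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (entry_name, reason) for every archive entry whose real extension
    is executable but whose name is disguised as an image or text document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename).name      # last path component only
            real_ext = PurePosixPath(name).suffix.lower()
            if real_ext not in EXEC_EXTS:
                continue
            reasons = []
            stem = name[: -len(real_ext)]                 # e.g. "chart.jpg " from "chart.jpg .cmd"
            if stem != stem.rstrip():
                reasons.append("whitespace before the executable extension")
                stem = stem.rstrip()
            decoy_ext = PurePosixPath(stem).suffix.lower()
            if decoy_ext in DECOY_EXTS:
                reasons.append(f"{real_ext} script disguised as {decoy_ext}")
            if reasons:
                findings.append((info.filename, "; ".join(reasons)))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real malicious file): two disguised
    script entries plus two genuinely harmless documents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "benign placeholder")
        zf.writestr("chart.jpg .cmd", "echo constructed placeholder")
        zf.writestr("notes.txt.bat", "echo constructed placeholder")
        zf.writestr("2023-08/report.pdf", "%PDF-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in suspicious_entries(build_sample_archive()):
        print(f"SUSPICIOUS: {entry!r}: {reason}")
```

Feed `suspicious_entries` the raw bytes of any archive pulled from a mail gateway or forum download to list entries worth quarantining before a user double-clicks them.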
Group-IB urged users to keep their software updated, exercise caution when dealing with attachments from unknown sources and implement robust security practices such as using password managers and enabling two-factor authentication (2FA).