WinRAR’s developers have fixed a critical vulnerability that could let attackers deploy malicious software, enabling unauthorized access to users’ cryptocurrency and stock trading accounts.
On August 23, Group-IB, a cybersecurity firm based in Singapore, highlighted a vulnerability in WinRAR associated with processing ZIP files.
The flaw, tracked as CVE-2023-38831, was exploited for about four months. It allowed malicious software to be installed when users opened files within an archive. This enabled attackers to compromise online accounts related to cryptocurrency and stock trading, the report indicated.
By leveraging this vulnerability, adversaries crafted malicious RAR and ZIP archives that displayed apparently harmless files such as JPG images or PDF documents. These archives were distributed on forums frequented by cryptocurrency traders, using alluring topics like “top Bitcoin trading approach.” The investigation found these archives on at least eight widely visited trading forums, leading to the infection of roughly 130 devices. The financial losses of the affected parties remain undisclosed. When these files were opened, a self-extracting archive delivered multiple malware types to the user’s system, including DarkMe, GuLoader, and Remcos RAT.
Such malware gives intruders remote access to compromised machines. Notably, the DarkMe malware has been implicated in previous financially motivated cyberattacks.
After being alerted by the researchers, RARLAB fixed the vulnerability in WinRAR 6.23, which was made available on August 2. In a related note, BlackBerry identified various malware variants in August that were specifically designed to either mine or steal cryptocurrencies.
Moreover, that same month saw the emergence of a novel remote access tool named HVNC (Hidden Virtual Network Computer) on the dark web. This tool could potentially allow attackers to breach Apple’s OS.