The development team behind the popular file compression utility WinRAR has recently released a patch that eliminates a so-called zero-day vulnerability. The flaw allowed attackers to install malware on victims’ computers and, through it, steal cryptocurrency or other funds.
The WinRAR vulnerability may not be that widespread
On August 23, the Singaporean cybersecurity firm Group-IB first reported the bug, which lies in the part of WinRAR’s code that handles ZIP files. The vulnerability, tracked as CVE-2023-38831, had been exploited for about four months. Attackers were able to install malware when the victim clicked on a file inside a ZIP archive. Exploitation began in April 2023, with specially crafted RAR and ZIP files distributed on trading forums under names such as “Best Bitcoin Trading Strategy”. The archives contained innocent-looking JPG or TXT files.
According to the Group-IB report, these files appeared on at least 8 public forums and infected at least 130 devices. There is no information on actual financial damages. As soon as someone downloaded a file from a forum and opened it, malware called DarkMe, GuLoader or Remcos RAT was installed on the computer. DarkMe is specifically known for its attacks targeting cryptocurrency. Regardless of who was targeted, the attackers were able to access the victim’s machine remotely. RARLAB, the company behind WinRAR, patched the vulnerability in version 6.23 on August 2nd.