The Broadband Guide
SG
search advanced

WinRAR zero-day exploited since April to hack trading accounts

2023-08-23 18:06 by
Tags:

 

A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives.

The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families, including DarkMe, GuLoader, and Remcos RAT.

A security researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. The issue has been addressed in WinRAR 6.23 released on August 2, 2023.

"A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code," the maintainers of the software said.

The latest version also addresses a second issue wherein "WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive." Group-IB researcher Andrey Polovinkin has been credited for reporting the problem.Users are recommended to update to the latest version to mitigate potential threats.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About