WinRAR’s Zero-Day Flaw Exploited: Crypto and Stock Accounts Under Siege

The widely used file compression software WinRAR has been in attackers' crosshairs, according to a revelation that has unsettled the security community. Until recently, an unpatched zero-day vulnerability let attackers install malware on users' PCs, putting their cryptocurrency and brokerage accounts at risk.

On August 23rd, Group-IB, a cybersecurity firm headquartered in Singapore, disclosed a weakness in WinRAR's handling of the ZIP file format. The vulnerability, tracked as CVE-2023-38831, had been quietly abused by attackers for roughly four months before the disclosure.

Exploiting the zero-day, attackers crafted RAR and ZIP archives in which the malicious content hid behind seemingly innocuous items such as JPG photos or PDF documents. The campaign relied on social engineering: booby-trapped archives advertising trading tips such as "Top Bitcoin Trading Hacks" were posted on trading forums, primarily targeting unsuspecting cryptocurrency traders.

The danger lay in how WinRAR processed the files inside these archives. Because of the bug, double-clicking the decoy document in WinRAR ran a script stored in a folder of the same name inside the archive, rather than simply opening the image or PDF. That script installed malware which allowed attackers to drain funds from broker accounts. According to Group-IB's timeline, exploitation began in April 2023.
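The structural tell of a CVE-2023-38831 archive is a file entry (the decoy) sitting next to a directory whose name is the decoy's name plus trailing whitespace, with a script or executable inside that directory. The following is an added detection example written for this article, not code from Group-IB or RARLAB: it inspects a ZIP's entry names for that pattern. The sample archives it builds are constructed in memory and contain no payload, only placeholder text; the set of script extensions is an assumption about what an attacker would plausibly drop.

```python
import io
import os
import zipfile

# Assumed list of extensions WinRAR would hand to the shell for execution.
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".jse", ".wsf", ".ps1", ".exe", ".scr", ".lnk"}


def scan_for_cve_2023_38831(zip_bytes):
    """Return (decoy, script) pairs matching the CVE-2023-38831 layout.

    A hit means the archive holds a file entry ``decoy`` and a directory named
    like ``decoy`` except for trailing spaces, and that directory contains an
    entry with a script/executable extension. Only entry names are inspected;
    nothing is extracted.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    files = [n for n in names if not n.endswith("/")]

    # Group file entries by their parent directory, but only for directories
    # whose name ends in whitespace: that is the trick the exploit relies on,
    # because a file and a directory cannot otherwise share a name on disk.
    by_stripped_dir = {}
    for name in files:
        parent = name.rpartition("/")[0]
        if parent and parent != parent.rstrip(" "):
            by_stripped_dir.setdefault(parent.rstrip(" "), []).append(name)

    hits = []
    for decoy in files:
        for inner in by_stripped_dir.get(decoy, []):
            leaf = inner.rpartition("/")[2]
            if os.path.splitext(leaf.rstrip(" "))[1].lower() in SCRIPT_EXTS:
                hits.append((decoy, inner))
    return hits


def build_sample(malicious):
    """Construct a small in-memory ZIP for demonstration (no real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Decoy document with the kind of lure name used in the campaign.
        zf.writestr("Top Bitcoin Trading Hacks.pdf",
                    b"%PDF-1.4 constructed decoy, not a real document")
        if malicious:
            # Same name as the decoy plus a trailing space, holding a script.
            zf.writestr("Top Bitcoin Trading Hacks.pdf /Top Bitcoin Trading Hacks.pdf .cmd",
                        b"REM constructed placeholder; no payload")
        else:
            zf.writestr("notes/readme.txt", b"ordinary archive")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("malicious", True), ("benign", False)):
        print(label, scan_for_cve_2023_38831(build_sample(flag)))
```

The check runs on entry names only, so it is safe to apply to archives from untrusted sources before anything is extracted. It is a heuristic: it does not cover every variation an attacker might try, and a patched WinRAR (6.23 or later) is the actual fix.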

The Group-IB report shed more light on the scope of the campaign. The tainted archives were distributed on at least eight trading forums and infected more than 130 traders' devices, a figure the researchers describe as a conservative estimate. The financial losses from these infections remain unknown.

Once the hidden script runs, it launches a self-extracting archive that installs malware families such as DarkMe, GuLoader and Remcos RAT. These give the attacker remote access to the compromised machine. DarkMe in particular has a history of use in financially motivated attacks.

After the researchers reported the flaw, RARLAB fixed it in WinRAR version 6.23, released on August 2nd. WinRAR does not update itself, so users should check their installed version and upgrade manually if it is older than 6.23.

WinRAR is not the only target. In August, BlackBerry's threat research team identified several malware families built to infect systems in order to mine or steal digital currencies. Separately, an HVNC (Hidden Virtual Network Computing) remote access tool advertised for sale on a dark web forum drew attention for targeting Apple's macOS, a platform often assumed to be beyond the reach of such tools.

In this environment, staying vigilant is not merely a requirement; it is a survival instinct.
