WinRAR Zero-Day Hack Exposes Crypto Accounts


(MENAFN- CoinXposure) The developers of the file compression software WinRAR have rectified a zero-day vulnerability that allowed hackers to install malware on the computers of unsuspecting victims and access their cryptocurrency and stock trading accounts.

On August 23, the Singapore-based cybersecurity company Group-IB disclosed a zero-day vulnerability in WinRAR's handling of the ZIP file format.

The zero-day vulnerability identified as CVE-2023-38831 was exploited for approximately four months, allowing attackers to install malware when a victim clicked on archive files.

According to the report, the malware would then enable hackers to compromise online crypto and stock trading accounts.

Using the exploit, threat actors were able to generate malicious RAR and ZIP archives containing files that appeared to be harmless, such as JPG images and PDF documents.

These weaponized ZIP archives were then disseminated on trading forums aimed at crypto traders, containing trading strategies such as "Best Personal Strategy for Trading with Bitcoin".

The report affirmed that malicious archives made their way onto at least eight public trading forums, infecting at least 130 devices; however, the financial losses sustained by the victims are unknown.

WinRAR exploit infection chain. Source: Group-IB


Upon execution, the script initiates a self-extracting (SFX) archive that infects the target computer with various strains of malware, including DarkMe, GuLoader, and Remcos RAT.

These grant the perpetrator remote access privileges on the compromised system. DarkMe malware has been utilized in the past for crypto-related and financially motivated attacks.

The researchers informed RARLABS, which rectified the zero-day vulnerability in the August 2 release of WinRAR version 6.23.

In August, BlackBerry identified several malware families that actively targeted computers to mine or pilfer cryptocurrencies.

In the same month, a newly discovered remote access tool dubbed HVNC (Hidden Virtual Network Computer) was discovered for sale on the dark web. This tool allows hackers to compromise Apple operating systems.
