Serious flaw in WinRAR was used to steal cryptocurrencies; to understand

Security researchers have discovered something New serious vulnerability in WinRAR that cybercriminals use to steal cryptocurrency wallets. The zero-day flaw has been in active use since April, according to Group-IB company responsible for detecting it Wednesday (23).

According to the report, this space was used to hide malicious code in supposedly harmless filessuch as documents (.PDF), images (.JPG), and texts (.TXT). A script was run on the victim’s device while opening material shared by the cybercriminals.

Action made it possible Installing malicious programs on target’s computerThis allowed the attackers to scan the machine for financial information. They were looking for data on bank accounts accessed there, cryptocurrency exchanges and wallets used to manage digital currencies.

Using the serious flaw in WinRAR, the authors distributed at least three malware families: Dark Me, GuLoader This Remcos RATprovided remote access to the device. According to the security company, the same virtual threats have been observed in other cyberattacks for financial purposes.

Investors on target

Exploiting the zero-day vulnerability in WinRAR, the group started spreading malicious files on forums focused on cryptocurrency trading. Communities engaged in stock and other investments were also targeted.

Pretending to be successful investors, the attackers circulated malicious materials as if they were safe tips and tools. At least 130 merchants’ devices are infected however, there is no exact information on the number of people affected or the amounts stolen.

Registered as: CVE-2023-38831The flaw, discovered in July, was fixed in the program’s latest update, released earlier this month. In this way It is recommended to download WinRAR 6.23 immediately to get the solution. It is worth noting that the update also fixes another very serious flaw in the program that was recently found.