Hackers Breached Crypto Trading Accounts By Abusing WinRAR Zero-day Vulnerability

The CVE-2023-38831 WinRAR zero-day flaw was exploited to install malware through harmless-looking archive files, compromising online cryptocurrency trading accounts. The vulnerability was actively used from April 2023 onwards to distribute malware families such as DarkMe, GuLoader, and Remcos RAT.

Exploiting this flaw, the attackers crafted malicious .RAR and .ZIP archives containing decoy files such as JPG images, text documents, and PDFs. When a user opened one of these decoys, a script executed instead, installing malware on the device.

BleepingComputer tested a malicious archive supplied by Group-IB, who discovered the campaign. Merely double-clicking a PDF inside the archive triggered execution of a CMD script that installed the malware.

The zero-day was patched in WinRAR 6.23 on August 2, 2023. The update also addressed other security issues, including CVE-2023-40477, which allowed command execution via a specially crafted RAR file.
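The article describes the effect (double-clicking a decoy PDF runs a CMD script) but not the archive layout that makes it possible. The layout is publicly documented for CVE-2023-38831: the decoy file name carries a trailing space, and a directory with that exact same name holds the script. The Python below is an added defender-side example, not code from the article, Group-IB or BleepingComputer; it scans a ZIP archive for that file/directory name collision, so a mail gateway or sandbox can quarantine such archives before a user opens them. All archive contents, file names and the extension lists are constructed for the example.

```python
"""Heuristic scanner for CVE-2023-38831-style ZIP layouts (added example).

Flags a top-level decoy file whose name ends in a space and is shared with
a directory that contains a script-like entry. Detection only; the sample
archives built below carry placeholder bytes, not a payload.
"""
import io
import zipfile
from dataclasses import dataclass

# Constructed lists, not from the article; extend to match local policy.
SCRIPT_EXTENSIONS = {".cmd", ".bat", ".exe", ".ps1", ".vbs", ".js", ".lnk"}
BAIT_EXTENSIONS = {".pdf", ".jpg", ".jpeg", ".png", ".txt", ".doc", ".docx"}


@dataclass(frozen=True)
class Finding:
    bait: str    # the top-level decoy a user would double-click
    script: str  # the script hidden in the directory of the same name


def _ext(name: str) -> str:
    """Extension of an archive entry, ignoring trailing spaces in the name."""
    stripped = name.rstrip(" ")
    dot = stripped.rfind(".")
    return stripped[dot:].lower() if dot >= 0 else ""


def scan_zip_bytes(data: bytes) -> list[Finding]:
    """Return one Finding per decoy/script pair found in the archive.

    The trailing space in the shared name is the documented hallmark of
    the flaw, so it is required; a directory entry need not be explicit,
    the path prefix of the inner file is enough.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    findings = []
    for bait in names:
        if "/" in bait or not bait.endswith(" "):
            continue  # only top-level names with a trailing space
        if _ext(bait) not in BAIT_EXTENSIONS:
            continue
        prefix = bait + "/"  # directory with the exact same name
        for other in names:
            if other.startswith(prefix) and _ext(other) in SCRIPT_EXTENSIONS:
                findings.append(Finding(bait=bait, script=other))
    return findings


def build_sample_archive() -> bytes:
    """Constructed archive reproducing only the layout (placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf ", b"%PDF-1.4 constructed decoy")
        zf.writestr("report.pdf /report.pdf .cmd", b"constructed placeholder")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed archive with an ordinary layout; must not be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 constructed decoy")
        zf.writestr("notes/readme.txt", b"constructed notes")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip_bytes(build_sample_archive()):
        print(f"suspicious: {f.bait!r} collides with directory holding {f.script!r}")
    print("benign findings:", scan_zip_bytes(build_benign_archive()))
```

The check inspects names only, so it runs without extracting anything and is cheap enough for a gateway. It covers the ZIP variant; the RAR case needs a RAR parser but the same name-collision rule applies. Patching to WinRAR 6.23 or later remains the actual fix; the scanner only catches archives aimed at hosts that have not been updated.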
