According to Cointelegraph: The developers of file compression software WinRAR have fixed a zero-day vulnerability that allowed hackers to install malware on victims' computers, giving them access to crypto and stock trading accounts.

Singapore-based cybersecurity firm Group-IB reported the zero-day vulnerability in WinRAR's processing of the ZIP file format on August 23. The vulnerability, tracked as CVE-2023-38831, was exploited for about four months, enabling hackers to install malware when a victim clicked on files in an archive. The malware then allowed hackers to breach online crypto and stock trading accounts, as per the report.

The exploit enabled threat actors to create malicious RAR and ZIP archives that displayed seemingly harmless files such as JPG images or PDF text documents. Once extracted and executed, the malware allowed threat actors to withdraw money from broker accounts. These weaponized ZIP archives were then distributed on trading forums targeting crypto traders, offering strategies like "best Personal Strategy to trade with Bitcoin."

The vulnerability had been exploited since April 2023. The report confirmed that the malicious archives were found on at least eight public trading forums, infecting a minimum of 130 devices. However, the financial losses of the victims remain unknown.

Upon execution, the script launches a self-extracting (SFX) archive that infects the target computer with various malware strains, including DarkMe, GuLoader, and Remcos RAT. These provide the attacker with remote access privileges on the infected computer. DarkMe malware has previously been used in crypto and financially motivated attacks.

The researchers informed RARLABS, which patched the zero-day vulnerability in WinRAR version 6.23, released on August 2.
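As an added defender-side example (not from the article or from Group-IB's report), the following Python scanner flags archive members that fit the decoy pattern described above: a benign-looking JPG or PDF name alongside a script that actually runs on double-click. It assumes the widely reported naming trick for CVE-2023-38831, a folder whose name mirrors the decoy file plus a trailing space and a script inside it with a doubled "pdf .cmd"-style extension; the sample archive is constructed inline with an inert placeholder script.

```python
import io
import re
import zipfile

# Extensions a reader would expect in a shared "trading strategy" archive.
DECOY_EXT = ("jpg", "jpeg", "png", "pdf", "txt")
# Extensions WinRAR hands to the shell (and so executes) on double-click.
EXEC_EXT = ("cmd", "bat", "exe", "vbs", "js", "ps1", "scr")

# Matches "<name>.<decoy ext> .<exec ext>": a spoofed extension padded with spaces.
DOUBLE_EXT = re.compile(
    r"\.(?:%s)\s+\.(?:%s)$" % ("|".join(DECOY_EXT), "|".join(EXEC_EXT)),
    re.IGNORECASE,
)


def suspicious_entries(zip_bytes: bytes) -> list[str]:
    """Return member names that match the CVE-2023-38831 decoy/script pattern."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        top_files = {n for n in names if "/" not in n}
        for name in names:
            parts = name.split("/")
            # Folder named like a top-level file but with trailing whitespace
            # (assumed pattern: "decoy.pdf /" next to "decoy.pdf").
            if len(parts) > 1 and parts[0] != parts[0].rstrip() \
                    and parts[0].rstrip() in top_files:
                findings.append(name)
                continue
            # Script whose visible "extension" is really "<decoy> <exec>".
            if DOUBLE_EXT.search(parts[-1]):
                findings.append(name)
    return findings


def build_sample(with_decoy_trick: bool = True) -> bytes:
    """Constructed in-memory archive; the .cmd body is an inert placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Trading_Strategy.pdf", b"%PDF-1.4 placeholder")
        zf.writestr("README.txt", b"benign notes")
        if with_decoy_trick:
            zf.writestr("Trading_Strategy.pdf /Trading_Strategy.pdf .cmd",
                        b"@echo off\r\necho placeholder\r\n")
    return buf.getvalue()
```

Running `suspicious_entries(build_sample())` flags only the spoofed member, while a clean archive (`build_sample(False)`) yields an empty list; the same check can be run over archives quarantined from mail or forum downloads.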