Odaily Planet Daily News: The developer of the file compression software WinRAR has fixed the zero-day vulnerability CVE-2023-38831. The flaw allowed hackers to install malware on victims' computers, giving them the opportunity to break into their cryptocurrency and stock trading accounts.
By exploiting the vulnerability, attackers can create malicious RAR and ZIP archives whose contents appear to be harmless files, such as JPG images or PDF text documents. The malicious ZIP archives were then distributed on trading forums aimed at crypto traders, presented as offering strategies such as "Best personal strategies for Bitcoin trading." Once the script inside the archive is executed, it launches a self-extracting (SFX) archive, which then infects the targeted computer with malware such as DarkMe, GuLoader, and Remcos RAT.
A report released by the cybersecurity company Group-IB confirmed that the malicious files had been posted on at least eight public trading forums, infecting at least 130 devices, but the financial losses suffered by the victims are unknown. (Cointelegraph)
According to earlier news, 23pds, Chief Information Security Officer (CISO) of SlowMist, tweeted that WinRAR had a remote code execution vulnerability (CVE-2023-40477). WinRAR is compression and decompression software and one of the programs considered essential when setting up a computer. An attacker can use this vulnerability to execute code by luring the target into visiting a malicious page or simply opening a malicious file. Once the user executes it, the attacker may take control of the user's computer.
Cryptocurrency users are advised to upgrade WinRAR, to be wary of the so-called "WinRAR vulnerability detection tool", which is itself a malicious phishing program, and to stay alert to financial risks.