WinRAR zero-day exploited since April to hack trading accounts

A zero-day vulnerability in WinRAR, tracked as CVE-2023-38831, has been actively exploited since April 2023. Hackers have been using this vulnerability to install malware by tricking users into opening seemingly harmless files in an archive. The flaw allowed threat actors to create malicious .RAR and .ZIP archives that appeared to contain innocuous files like JPG images, text files, or PDF documents. When a user opens the document, a script is executed that installs malware on the device. This vulnerability has been fixed in WinRAR version 6.23, released on August 2, 2023. Researchers have discovered that the zero-day was used to target cryptocurrency and stock trading forums by disguising as traders sharing their strategies. The malicious archives were distributed on public trading forums, infecting at least 130 traders’ devices. The financial losses resulting from this campaign are unknown. Users are advised to upgrade to the latest version of WinRAR to protect against this vulnerability.

To top