[URGENT] WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April (Update to WinRAR 6.23 now!) [ArsTechnica]
[URGENT] WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April (Update to WinRAR 6.23 now!) [ArsTechnica]
Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files.
Who even uses WinRAR unironically?
Possibly older people and people with very specific use cases (like I did a few days ago).
This is the best summary I could come up with:
A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives.
The attackers have been using the vulnerability to remotely execute code that installs malware from families, including DarkMe, GuLoader, and Remcos RAT.
WinRAR has more than 500 million users who rely on the program to compress large files to make them more manageable and quicker to upload and download.
Even when people attempt to examine them for malice, antivirus software often has trouble peering into the compressed data to identify malicious code.
The malicious ZIP archives Group-IB found were posted on public forums used by traders to swap information and discuss topics related to cryptocurrencies and other securities.
“Our researchers also saw evidence that the threat actors were able to unblock accounts that were disabled by forum administrators to continue spreading malicious files, whether by posting in threads or sending private messages."
The original article contains 750 words, the summary contains 170 words. Saved 77%. I'm a bot and I'm open source!