
Hackers exploit WinRAR zero-day bug to steal funds from broker accounts

Cybercriminals are exploiting a zero-day vulnerability in WinRAR, the venerable shareware archiving tool for Windows, to target traders and steal funds.

Cybersecurity company Group-IB discovered the vulnerability, which affects the processing of the ZIP file format by WinRAR, in June. The zero-day flaw — meaning the vendor had no time, or zero days, to fix it before it was exploited — allows hackers to hide malicious scripts in archive files masquerading as “.jpg” images or “.txt” files, for example, to compromise target machines.
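A defender-side check for the kind of lure described above, added here as an example that is not part of the TechCrunch article or of Group-IB's research; it assumes the publicly documented CVE-2023-38831 archive layout (a decoy file with an image or text extension beside a same-named folder that holds a script) and runs on a constructed sample archive:

```python
import io
import zipfile

# Extensions a lure would present as harmless, and script/executable types
# that opening the decoy in an unpatched WinRAR could actually launch.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".txt", ".pdf"}
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".exe", ".ps1"}

def _ext(name: str) -> str:
    """Lower-case extension of the last path component, ignoring padding spaces."""
    base = name.rstrip("/").rsplit("/", 1)[-1].rstrip()
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""

def find_decoy_entries(zip_bytes: bytes) -> list:
    """Return script entries that hide behind a decoy image/text name.

    Pattern checked (assumption based on the public description of the
    CVE-2023-38831 lure): a decoy file such as 'trades.jpg' plus a folder
    with the same name containing a script such as 'trades.jpg .cmd'.
    Any script whose own stem ends in a decoy extension is flagged as well.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    decoy_stems = {n.rstrip() for n in names
                   if not n.endswith("/") and _ext(n) in DECOY_EXTS}
    hits = []
    for n in names:
        if n.endswith("/") or _ext(n) not in SCRIPT_EXTS:
            continue
        parts = n.split("/")
        parent = "/".join(parts[:-1]).rstrip()
        stem = parts[-1][: parts[-1].rfind(".")].rstrip()
        if parent in decoy_stems or _ext(stem) in DECOY_EXTS:
            hits.append(n)
    return hits

def build_sample(malicious: bool) -> bytes:
    """Constructed sample archive for the check above, not a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("trades.jpg ", b"\xff\xd8fake-jpeg")  # the decoy
        if malicious:
            zf.writestr("trades.jpg /trades.jpg .cmd", b"echo lure")
        else:
            zf.writestr("notes.txt", b"plain notes")
    return buf.getvalue()
```

Running `find_decoy_entries` over archives at a mail gateway or forum upload handler gives a cheap triage signal; the durable fix remains updating WinRAR to 6.23 or later.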

Group-IB says hackers have been exploiting this vulnerability since April to spread malicious ZIP archives on specialist trading forums. Group-IB tells TechCrunch that malicious ZIP archives were posted on at least eight public forums, which “cover a wide range of trading, investment, and cryptocurrency-related subjects.” Group-IB declined to name the targeted forums.

In the case of one of the targeted forums, administrators became aware that malicious files were shared and subsequently issued a warning to their users. The forum also took steps to block the accounts used by the attackers, but Group-IB saw evidence that the hackers were “able to unlock accounts that were disabled by forum administrators to continue spreading malicious files, whether by posting in threads or private messages.”

Once a targeted forum user opens the malware-laced file, the hackers gain access to their victims’ brokerage accounts, enabling them to perform illicit financial transactions and withdraw funds, according to Group-IB. The cybersecurity firm tells TechCrunch that the devices of at least 130 traders are infected at the time of writing but notes that it has “no insight on financial losses at this stage.”

One victim told Group-IB researchers that the hackers attempted to withdraw their money, but were unsuccessful.

It’s not known who is behind the exploitation of the WinRAR zero-day. However, Group-IB said it observed the hackers using DarkMe, a VisualBasic trojan that has previously been linked to the “Evilnum” threat group.

Evilnum, also known as “TA4563”, is a financially motivated threat group that has been active in the U.K. and Europe since at least 2018. The group is known for targeting mainly financial organizations and online trading platforms. Group-IB said that while identifying the DarkMe trojan, it “cannot conclusively link the identified campaign to this financially motivated group.”

Group-IB says it reported the vulnerability, tracked as CVE-2023-38831, to WinRAR-maker Rarlab. An updated version of WinRAR (version 6.23) to patch the issue was released on August 2. 

https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/