
August 24th, 2023 01:12

WinRAR hacked

Revealed on 8-23-23, hackers have been exploiting WinRAR in a "zero-day attack" since April to steal info.

The vulnerability uncovered by Group-IB has been designated CVE-2023-38831. Using the flaw, a hacker can “spoof” a file extension in a .zip archive file, making it easy to hide malicious programs in files with benign file extensions, such as .jpg, .pdf or .txt. The hackers have been uploading the malicious .zip files to public forums frequented by financial traders.

When unpacked, the hacked .zip file contains malicious programs such as DarkMe, GuLoader, and Remcos RAT in files with a benign extension. Just opening one of those files installs malware which can then download additional malware, or hijack a computer.

If you use WinRAR, update to version 6.23 ASAP. And as always, be careful downloading and unpacking .zip files from websites or in emails.

Read more at Bleeping...
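
The advice above to be careful with .zip files, as an added example that is not part of the original post: a Python check that lists an archive's entries without extracting them and flags names or content that do not match a benign-looking extension. The extension lists, reason strings and sample archive are assumptions constructed for illustration; it is a triage heuristic, not a test for CVE-2023-38831 itself.

```python
import io
import zipfile

# Assumed lists for this example; tune them for your environment.
BENIGN_EXTS = {".jpg", ".jpeg", ".png", ".pdf", ".txt"}
RISKY_EXTS = {".exe", ".scr", ".com", ".cmd", ".bat", ".js", ".vbs", ".lnk", ".ps1"}
# Magic bytes expected at the start of each benign type (.txt has none).
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG", ".pdf": b"%PDF"}


def inspect_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) findings without extracting anything to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            parts = [p.strip().lower() for p in base.split(".")]
            ext = "." + parts[-1] if len(parts) > 1 else ""
            inner = {"." + p for p in parts[1:-1]}  # extensions before the last one
            with zf.open(info) as fh:
                head = fh.read(8)  # only the first bytes are decompressed
            if ext in RISKY_EXTS and inner & BENIGN_EXTS:
                findings.append((info.filename, "risky extension behind a benign one"))
            elif ext in BENIGN_EXTS and head[:2] == b"MZ":
                findings.append((info.filename, "Windows executable content"))
            elif ext in MAGIC and not head.startswith(MAGIC[ext]):
                findings.append((info.filename, "content does not match extension"))
            if base != base.strip() or " ." in base:
                findings.append((info.filename, "whitespace-padded name"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; every payload is a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "plain text")
        zf.writestr("scan.pdf", b"%PDF-1.7 placeholder")
        zf.writestr("photo.jpg", b"MZ placeholder, not a real program")
        zf.writestr("invoice.pdf.cmd", "rem placeholder")
        zf.writestr("chart.png ", b"\x89PNG placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in inspect_zip(build_sample()):
        print(f"{name!r}: {reason}")
```

An archive with no findings can still be malicious; the check only narrows what needs a closer look before anything is opened.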
