A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous files inside file archives.

The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group-IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families including DarkMe, GuLoader, and Remcos RAT.

From there, the criminals withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month.

“By exploiting a vulnerability within this program, threat actors were able to craft ZIP archives that serve as carriers for various malware families,” Group-IB Malware Analyst Andrey Polovinkin wrote. “Weaponized ZIP archives were distributed on trading forums. Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023.”

The malicious ZIP archives Group-IB found were posted on public forums used by traders to swap information and discuss topics related to cryptocurrencies and other securities. In most cases, the malicious ZIPs were attached to forum posts. In other cases, they were distributed on the file storage site catbox.moe. Group-IB identified eight popular trading forums used to spread the files.

In one case, administrators of one of the abused forums warned users after discovering harmful files were distributed on the platform.

“Despite this warning, further posts were made and more users were affected,” Polovinkin wrote.