A zero-day vulnerability in the widely used WinRAR archiving software has been exploited to attack stock traders and steal funds, according to a report by cybersecurity firm Group-IB.
The vulnerability, active since at least April 2023, has been patched in WinRAR version 6.23 released on August 2. Users are urged to update to the latest version immediately.
Critical Details
Identified as CVE-2023-38831, the vulnerability resides in the way WinRAR processes ZIP files. Attackers can exploit this flaw to spoof file extensions within a ZIP archive. This allows them to trick users into thinking they are opening a benign image or text file, when in reality, they are executing a malicious script. This, in turn, enables the attacker to infect the system with malware and gain access to accounts on the compromised machine.
Targeting Stock Traders
Group-IB revealed that the threat actors have primarily focused on stock traders’ accounts. Users of the Forex Station platform were specifically targeted, with malicious ZIP files disseminated through private messages and forum links. The extent of the damage caused by the attack remains undisclosed.
Patch and Additional Fixes
WinRAR version 6.23 not only addresses this zero-day vulnerability but also patches another security flaw that could allow attackers to execute arbitrary code on the victim’s system.
