Zero-Day Vulnerability in WinRAR Exploited to Target Stock Traders

Estimated read time 2 min read

A zero-day vulnerability in the widely used WinRAR archiving software has been exploited to attack stock traders and steal funds, according to a report by cybersecurity firm Group-IB.

The vulnerability, active since at least April 2023, has been patched in WinRAR version 6.23 released on August 2. Users are urged to update to the latest version immediately.

Critical Details

Identified as CVE-2023-38831, the vulnerability resides in the way WinRAR processes ZIP files. Attackers can exploit this flaw to spoof file extensions within a ZIP archive. This allows them to trick users into thinking they are opening a benign image or text file, when in reality, they are executing a malicious script. This, in turn, enables the attacker to infect the system with malware and gain access to accounts on the compromised machine.

By Group-IB: The sequence diagram of the file extension spoofing exploit (CVE-2023-38831)
By Group-IB: The sequence diagram of the file extension spoofing exploit (CVE-2023-38831)

Targeting Stock Traders

Group-IB revealed that the threat actors have primarily focused on stock traders’ accounts. Users of the Forex Station platform were specifically targeted, with malicious ZIP files disseminated through private messages and forum links. The extent of the damage caused by the attack remains undisclosed.

Patch and Additional Fixes

WinRAR version 6.23 not only addresses this zero-day vulnerability but also patches another security flaw that could allow attackers to execute arbitrary code on the victim’s system.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author