Carding 4 Carders
More than 500 million WinRAR users are at risk.
Google reported that several state-backed hacker groups are actively exploiting a highly dangerous vulnerability in the WinRAR compression program, which is used by more than 500 million users. The purpose of attacks is to execute arbitrary code on the victim's systems.
Google's Threat Analysis Team (TAG), made up of security experts, found attempts to exploit vulnerabilities from hackers from several countries, including threat groups such as Sandworm, APT28, and APT40.
"In recent weeks, TAG has noticed that multiple hacker groups are exploiting a known vulnerability, CVE-2023-38831, in WinRAR, a popular file archiver for Windows," Google TAG said.
The patch has already been released, but many users seem to remain vulnerable. TAG notes the active use of this vulnerability in WinRAR by state hackers from various countries.
In one attack, hackers used the Rhadamanthys malware to steal data, and in another, a rogue PowerShell script (IRONJAW) to steal browser credentials.
In addition, attacks on targets in Papua New Guinea were observed, where attackers used the WinRAR vulnerability to establish a permanent presence on compromised systems.
Vulnerability CVE-2023-38831 has been actively exploited since April 2023. Since then, the bug has been used to deliver various malicious programs.
Researchers from Group-IB have discovered exploits targeting cryptocurrency and stock trading forums.
Other cybersecurity companies have also linked attacks using this WinRAR vulnerability to several other threat groups, including DarkPink (NSFOCUS) and Konni (Knownsec).
After the disclosure of Group-IB information, examples of exploiting the vulnerability began to appear on public GitHub repositories, which led to active "testing" of the vulnerability by hackers.
Other cybersecurity companies have also linked attacks on this vulnerability to several other threat groups.
The vulnerability was fixed with the release of WinRAR version 6.23 on August 2, which also fixed several other security issues.
"The widespread use of vulnerabilities in WinRAR shows that exploiting known vulnerabilities can be very effective, despite the presence of a patch. Even the most advanced attackers will only do what is necessary to achieve their goals," Google said.