Tuesday , September 10 2024

WinRAR zero-day exploited since April to hack trading accounts

Traders are falling victim to cybercriminals who are leveraging a zero-day vulnerability in WinRAR, the long-standing shareware archiving tool for Windows, in order to pilfer funds.

In June, the cybersecurity company Group-IB made a remarkable discovery – a vulnerability that impacts how WinRAR handles the ZIP file format. Hackers are able to exploit a zero-day flaw, which means the vendor has no time to fix it before it is exploited. This flaw enables them to conceal harmful scripts within archive files disguised as .jpg images or .txt files. Consequently, they can easily compromise their target machines.

Hacker to exploite GeoServer Vulnerability to Deploy Malware

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has...
Read More
Hacker to exploite GeoServer Vulnerability to Deploy Malware

IMB unveils multiple vulnerabilities in it’s webMethods Integration

Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands...
Read More
IMB unveils multiple vulnerabilities in it’s webMethods Integration

Progress LoadMaster exposed to a critical 10/10 vulnerability

Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which...
Read More
Progress LoadMaster exposed to a critical 10/10 vulnerability

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

ALSO READ:

Kali Linux 2023.3 released: redesign NetHunter ,9 new tools, and more!

According to Group-IB, hackers have been taking advantage of this vulnerability since April in order to disseminate harmful ZIP archives on exclusive trading forums. Group-IB told malicious ZIP archives were posted on at least eight public forums. These forums discuss various topics related to trading, investment, and cryptocurrency. Group-IB declined to name the targeted forums.

The administrators of one of the targeted forums detected the presence of malicious files being shared and promptly issued a warning to their users. In addition to blocking the accounts used by the attackers, the forum also implemented measures to prevent their activities. However, Group-IB discovered evidence indicating that the hackers possessed the ability to bypass the account restrictions imposed by forum administrators. Consequently, they continued distributing malicious files by posting them in threads or sending them via private messages.

Hackers can gain access to brokerage accounts by tricking users into opening malware-infected files. This allows them to perform illegal financial transactions and withdraw funds. At the moment, the cybersecurity company informs that around 130 traders have infected devices. However, they mention that they do not have any information regarding financial losses at this point.
One victim told Group-IB researchers that the hackers attempted to withdraw their money, but were unsuccessful.

The mastermind behind the exploitation of the WinRAR zero-day remains a mystery. Group-IB, however, reported that it has detected the hackers utilizing DarkMe, a Visual Basic trojan associated with the notorious “Evilnum” threat group.

Evilnum, also referred to as “TA4563,” is a highly motivated threat group focused on financial gain, demonstrating significant activity within the United Kingdom. There has been evidence of this happening in Europe since at least 2018. The group has gained recognition for primarily focusing on financial organizations and online trading platforms. Group-IB stated that although they have identified the DarkMe trojan, they cannot definitively establish a direct connection between the detected campaign and this financially motivated group.

According to Group-IB, they have successfully reported the vulnerability, known as CVE-2023-38831, to Rarlab, the creators of WinRAR. On August 2nd, a new and improved WinRAR version (6.23) was released to fix the issue.

Check Also

NSA

NSA Unveils Best Practices for Event Log & Threat Detection – 2024

NSA has released Best Practices for Event Logging and Threat Detection to make sure important …

Leave a Reply

Your email address will not be published. Required fields are marked *