WinRAR zero-day bug exploited to steal trader funds
If you still use WinRAR, you might need to watch out
A bug in the way WinRAR handles .ZIP files is being exploited to steal money from crypto traders and other market speculators.
Analysis from cybersecurity experts Group-IB found that a group of criminals had started distributing a malicious .ZIP archive across multiple forums where traders gather to share ideas, experiences, and similar.
Visitors to at least eight such forums were targeted by the zero-day flaw, tracked as CVE-2023-38831, with the archive carrying a malicious script hidden inside a .JPG or .TXT file.
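The article says the malicious archive carried a script disguised as a .JPG or .TXT file. One defender-side check that follows directly from that description is to open an archive without extracting it and compare what each entry's extension claims against what its bytes actually contain. The script below is an added example written for this article; it is not Group-IB's tooling, not WinRAR's code, and it does not model the CVE-2023-38831 archive layout itself. The sample archive, its file names and its contents are constructed in the code purely for illustration.

```python
import io
import zipfile

# Magic bytes and markers used by the checks below (assumptions for this example,
# not a complete signature set).
JPEG_MAGIC = b"\xff\xd8\xff"        # every JPEG file starts with these bytes
PE_MAGIC = b"MZ"                    # Windows executable (PE) header
SCRIPT_MARKERS = (                  # strings that have no business in a photo or a plain note
    b"@echo off", b"powershell", b"cmd.exe", b"wscript", b"cscript", b"rundll32", b"<script",
)
EXEC_EXTS = ("exe", "cmd", "bat", "vbs", "js", "ps1", "scr")


def classify_entry(name: str, data: bytes) -> list[str]:
    """Return findings for one archive entry; an empty list means nothing looked off."""
    findings = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    head = data[:512]

    # 1. The extension claims an image but the content does not start like one.
    if ext in ("jpg", "jpeg") and not head.startswith(JPEG_MAGIC):
        findings.append("extension claims JPEG but content lacks JPEG magic bytes")

    # 2. A "picture" or "text note" that is really a Windows executable or a script.
    if ext in ("jpg", "jpeg", "txt"):
        if head.startswith(PE_MAGIC):
            findings.append(f"PE executable header inside a .{ext} entry")
        low = head.lower()
        for marker in SCRIPT_MARKERS:
            if marker in low:
                findings.append(f"script marker {marker!r} inside a .{ext} entry")
                break

    # 3. An executable extension hidden before the displayed one (e.g. notes.cmd.txt).
    if len(parts) > 2 and parts[-2] in EXEC_EXTS:
        findings.append(f"hidden executable extension .{parts[-2]} before .{ext}")

    return findings


def scan_zip_bytes(blob: bytes) -> dict[str, list[str]]:
    """Inspect every file entry of a ZIP held in memory; nothing is written to disk."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings = classify_entry(info.filename, zf.read(info.filename))
            if findings:
                results[info.filename] = findings
    return results


def build_sample_archive() -> bytes:
    """Constructed sample: two benign entries and two disguised ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("chart.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 64)      # real-looking JPEG
        zf.writestr("strategy.txt", b"Buy the dip, sell the rip.\n")        # plain note
        zf.writestr("notes.txt", b"@echo off\r\necho constructed-sample\r\n")  # batch script as .txt
        zf.writestr("screenshot.jpg", PE_MAGIC + b"\x00" * 60)              # executable as .jpg
    return buf.getvalue()


if __name__ == "__main__":
    for entry, findings in scan_zip_bytes(build_sample_archive()).items():
        print(entry)
        for finding in findings:
            print("   -", finding)
```

Run it against a real download by replacing `build_sample_archive()` with the file's bytes; because the scan reads entries in memory and never extracts them, it is safe to run on a suspicious archive before anyone double-clicks it. The check is a heuristic: a clean result does not prove an archive is safe, so keep WinRAR patched regardless.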
Hundreds of victims
While administrators of some of the forums were quick to react and warn their users of the attack, they weren’t fast enough, Group-IB said, stating that they found evidence of hackers unlocking accounts “that were disabled by forum administrators to continue spreading malicious files.”
The malware grants the attackers access to their victims’ brokerage accounts, the researchers further explained, which allowed them to pull the money out. At least 130 traders had their endpoints infected, Group-IB said, but the researchers don’t know how much money was stolen in the process.
One victim said the withdrawal was unsuccessful.
While the researchers don’t know for certain who is behind this campaign, they suspect the threat actor to be “Evilnum”, also known as “TA4563”, as that group is known to use a Visual Basic trojan called DarkMe. Evilnum was first observed some five years ago, targeting trading platforms and financial organizations in the UK and Europe.
Cryptocurrency traders are a popular target among hackers due to the way the blockchain is designed. Once a transaction is initiated, in most cases it’s impossible to reverse.
The flaw has since been fixed with a patch, and if you’re worried about being targeted, make sure your WinRAR is on version 6.23.
Via: TechCrunch
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.