
Go update WinRAR right now. It's being attacked


Still a dedicated WinRAR user? You need to update your software right now, especially if you’ve got cryptocurrency. A zero-day vulnerability in WinRAR has been allowing hackers to break into trading accounts, and they’ve been actively working this exploit since April. New information in October 2023 indicates that state-level hackers are actively exploiting this bug. The same vulnerability could be used to install other types of malware on your system as well.

The way it works: You open a malicious zip file in WinRAR, which is your default program for all compressed file formats on your PC (after you’ve installed WinRAR, of course). It’s full of seemingly innocent documents—PDFs, text files, JPG images. You double-click on one to open it, and it opens as expected. But unbeknownst to you, WinRAR was also tricked into loading a script in the background, which installs malware that lets attackers steal money from brokerage accounts.

As reported by Bleeping Computer, WinRAR version 6.23 fixes this issue along with others, like a flaw that allows commands to be executed if you open certain kinds of rar files. (That is, RAR files created in a specific way to exploit that flaw.) It was released on August 2 and should be available to all WinRAR users. The newest release, 6.24, also addresses the security issue. You’ll need to manually download the newer versions, since WinRAR lacks an automatic update function.


Cybersecurity company Group-IB discovered this vulnerability (filed as CVE-2023-38831) while tracking the spread of the DarkMe malware family, which has been linked previously to financial attacks. The tainted zip files, which were posted on forums for cryptocurrency and stock trading, contained DarkMe and other malware families like GuLoader and Remcos. The latter two families allow more malware to be downloaded and installed on your PC, and give the attacker the ability to run any command, record keystrokes, capture the screen, manage files, and more. (For deeper technical details, check out Bleeping Computer’s rundown of the exploit.)

At the time of Group-IB’s report, 130 traders had been confirmed as infected. The zip files were shared on at least eight forums, all under the guise of helping others improve their income. The full victim count and the amount of financial damage are not yet known. Since WinRAR does not include an automatic update function, all users are advised to manually download and install the latest version.
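Because updates are manual, it helps to confirm which version is actually installed. The PowerShell below is an added example, not code from the article or from WinRAR: it reads the standard Windows uninstall registry entries and flags any WinRAR install older than 6.23. It assumes WinRAR registers a `DisplayName` beginning with "WinRAR" and a dotted numeric `DisplayVersion`.

```powershell
# Added example: list registered WinRAR installs and flag any older than 6.23,
# the first release the article says fixes CVE-2023-38831.
$FixedVersion = [version]'6.23'

# Standard Windows "Uninstall" registry locations (64-bit, 32-bit, per-user).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WinRarInstall {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        # Assumption: the installer's DisplayName starts with "WinRAR".
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            $parsed = $null
            # Assumption: DisplayVersion is dotted numeric, e.g. "6.22.0".
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

            if (-not $ok) {
                $status = 'unknown version, check manually'
            } elseif ($parsed -lt $FixedVersion) {
                $status = 'VULNERABLE, update to 6.23 or later'
            } else {
                $status = 'patched'
            }

            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = $status
            }
        }
}

$found = @(Get-WinRarInstall)
if ($found.Count -eq 0) {
    'No WinRAR installation is registered on this machine.'
} else {
    $found | Format-Table -AutoSize
}
```

Only installs recorded in the registry are listed; a copy of WinRAR unpacked by hand into a folder will not appear and has to be checked separately.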

If nothing else, this WinRAR attack is yet another reminder that the old security tip of never downloading strange files off the internet (much less opening them) still remains true. It can also be seen as more incentive to upgrade to Windows 11, which will soon natively support compressed file formats like rar, 7-Zip, and gz—no need for third-party software.

This article was initially published on August 23rd, 2023, and updated with new information on October 19th, 2023.


Alaina Yee is PCWorld’s resident bargain hunter—when she’s not covering software, PC building, and more, she’s scouring for the best tech deals. Previously her work has appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine. You can find her on Twitter at @morphingball.
