A zero-day vulnerability in the popular file compression software WinRAR has been patched, but crypto traders are still at risk of being targeted by hackers.
The vulnerability was patched in WinRAR version 6.23, which was released on August 2. However, many crypto traders may not have updated their software yet.
As a result, they are still at risk of being targeted by hackers who are exploiting the vulnerability.
The vulnerability, tracked as CVE-2023-38831, was exploited by hackers to install malware on the computers of unsuspecting victims, enabling them to hack into their crypto and stock accounts.
The vulnerability allowed hackers to create malicious RAR and ZIP archives that displayed seemingly innocuous files, such as JPG images or PDF documents. When a victim clicked on one of these files, the vulnerability allowed the malware to be installed on their computer.
The malware could then be used to steal cryptocurrency, or to gain remote access to the victim’s computer.
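For triaging downloaded archives, the added example below (not from the article or from Group-IB) flags the layout given in the public CVE-2023-38831 description: a ZIP in which the same name appears both as a harmless-looking file and as a folder. The function names and the placeholder sample builder are assumptions of this example, and it covers ZIP archives only.

```python
import io
import sys
import zipfile


def _norm(path):
    # Windows compares names case-insensitively and drops trailing spaces/dots.
    return "/".join(p.rstrip(" .").lower() for p in path.split("/"))


def find_name_collisions(zip_bytes):
    """Return names that exist both as a file and as a folder in the archive."""
    files, folders = set(), set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Some tools write backslashes; treat them as separators too.
            parts = [p for p in info.filename.replace("\\", "/").split("/") if p]
            if not parts:
                continue
            # Every ancestor of an entry is implicitly a folder.
            for i in range(1, len(parts)):
                folders.add(_norm("/".join(parts[:i])))
            full = _norm("/".join(parts))
            (folders if info.is_dir() else files).add(full)
    return sorted(files & folders)


def build_sample(entries):
    """Constructed test input: an in-memory ZIP with harmless text entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python check_zip.py downloaded1.zip downloaded2.zip
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = find_name_collisions(fh.read())
        print(f"{path}: {'SUSPICIOUS ' + repr(hits) if hits else 'no collision'}")
```

A hit means the archive should not be opened in a WinRAR version older than 6.23; a clean result does not prove the archive is safe.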
Singapore-based cybersecurity firm Group-IB reported the zero-day vulnerability in the processing of the ZIP file format by WinRAR on August 23.
The report revealed that the vulnerability was exploited by hackers to target crypto traders in at least eight public trading forums.
The hackers pretended to be trading enthusiasts in these forums, and they posted links to the malicious ZIP archives in their forum posts.
Once the victim opens the decoy file, a script runs and launches a self-extracting (SFX) archive that infects the target computer with various malware strains, such as DarkMe, GuLoader, and Remcos RAT.
These provide the attacker with remote access privileges on the infected computer. DarkMe malware has previously been used in crypto and financially motivated attacks.
At least 130 devices have been infected with the malware, and the financial losses to the victims are unknown.
If you think that you may have been infected with the malware, you should immediately change your passwords and scan your computer for malware. You should also contact your crypto exchange to report the incident.