Hackers exploit a vulnerability in WinRAR to hide malware in a ZIP file. Those who use WinRAR should update to the latest version.

Group-IB security researchers have found that this vulnerability has been actively exploited since April. Attackers use the popular WinRAR tool to compress files into a ZIP folder, which they distribute via Internet forums. In this folder, they then drop fake JPG or TXT files that contain malicious code.

When the unsuspecting victim enters the folder, it gets installed on the device. Thanks to this method, the malware often remained hidden from virus scanners.

As always, it is the attackers who want to make a quick buck. Some victims reported that the attackers tried to break into their brokerage accounts to steal crypto coins. According to Group-IB, 130 victims are known so far.

Two for the price of one

This is another vulnerability in WinRAR than the one we reported on Tuesday. Known as CVE-2023-40477, this vulnerability exploited RAR files to install malicious code. The error we are talking about in this article is called CVE-2023-38831. The solution for both vulnerabilities is the same: update WinRAR to the latest version 6.23.

WinRAR was previously affected by zero-day vulnerabilities. Due to the large number of users, such vulnerabilities can potentially reach millions of people quickly. Windows 11 users have less to worry about. RAR support is now built into the OS by default, reducing the need for software like WinRAR.