Google’s Threat Analysis Group team has found a vulnerability in WinRAR that is currently being actively exploited by several hacker groups. Some of the attackers are believed to work for multiple governments.

A new security hole has emerged in the Windows archive program WinRAR. The threat had the code CVE-2023-38831 and was reported by Google’s Threat Analysis Group (TAG). He discovered that several attackers are exploiting the vulnerability for financial gain or on behalf of some foreign powers.

Diverse attack audience

The vulnerability has been exploited since at least April, but was not yet known. It allows attackers to execute arbitrary code if someone wants to view a regular file in ZIP format.

In addition to individual groups that primarily use vulnerability to make money, more strategically oriented groups are also active. Both Russian-linked hackers and China-linked groups appear to be actively exploiting CVE-2023-38831 for actions against other nations.

Updating pays off

WinRAR released a new version in August with fixes for several bugs, including CVE-2023-38831. However, many users are still vulnerable.

TAG urges users to install security updates as they become available and generally keep software up to date. A drum that we like to keep beating.

A vulnerability in WinRAR was also reported in August, posing a potential threat to millions of systems. You don’t necessarily have to install WinRAR for RAR files now; Windows 11 now supports the files by default.