TechRadar
Sead Fadilpašić

WinRAR zero-day bug exploited to steal trader funds

A bug in the way WinRAR handles .ZIP files is being exploited to steal money from crypto traders and other market speculators. 

Analysis by cybersecurity firm Group-IB found that a group of criminals had started distributing a malicious .ZIP archive across multiple forums where traders gather to share ideas and experiences.

Visitors to at least eight such forums were targeted by the zero-day flaw, tracked as CVE-2023-38831, with the archive carrying a malicious script hidden inside a .JPG or .TXT file.
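The archive layout that triggers this flaw comes from the public advisories rather than from this article: a decoy file such as chart.jpg sits beside a directory named chart.jpg (with a trailing space) that holds a script named chart.jpg .cmd, and an unpatched WinRAR runs the script when the decoy is opened. The Python check below is added here and is not part of the TechRadar piece; it flags ZIP entry lists with that shape, and the entry names and the SCRIPT_EXTENSIONS set are constructed assumptions.

```python
import io
import posixpath
import zipfile

# Extensions the Windows shell runs when the lookalike entry is opened (assumed set).
SCRIPT_EXTENSIONS = {".cmd", ".bat", ".exe", ".com", ".vbs", ".js", ".ps1", ".scr"}

# Smallest valid ZIP: an end-of-central-directory record with no entries.
EMPTY_ZIP = b"PK\x05\x06" + b"\x00" * 18

def find_lookalikes(names):
    """Return (decoy, script) pairs that match the CVE-2023-38831 layout:
    a decoy file next to a directory named decoy + trailing space(s) that
    holds a script whose name also begins with the decoy's name."""
    files = [n for n in names if not n.endswith("/")]
    decoys = set(files)
    hits = []
    for entry in files:
        head, tail = posixpath.split(entry)
        if head == head.rstrip(" "):
            continue  # parent directory carries no trailing whitespace
        decoy = head.rstrip(" ")
        if decoy not in decoys:
            continue  # no sibling file with the same trimmed name
        base = posixpath.basename(decoy)
        ext = posixpath.splitext(tail.rstrip(" "))[1].lower()
        if tail.startswith(base) and ext in SCRIPT_EXTENSIONS:
            hits.append((decoy, entry))
    return sorted(hits)

def scan_zip(data):
    """Run the name check against a ZIP archive held in memory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_lookalikes(zf.namelist())

# Constructed entry lists for illustration; not taken from any real sample.
SUSPICIOUS = [
    "trading_strategy.jpg",
    "trading_strategy.jpg /",
    "trading_strategy.jpg /trading_strategy.jpg .cmd",
]
BENIGN = ["trading_strategy.jpg", "notes/notes.txt", "notes/run.cmd"]

if __name__ == "__main__":
    print(find_lookalikes(SUSPICIOUS))  # one decoy/script pair
    print(find_lookalikes(BENIGN))      # []
    print(scan_zip(EMPTY_ZIP))          # []
```

The check works on entry names only, so it can run on archives quarantined at a mail gateway or forum upload filter without extracting anything.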

Hundreds of victims

While administrators of some of the forums were quick to react and warn their users of the attack, they weren’t fast enough, Group-IB said, adding that it found evidence of hackers unlocking accounts “that were disabled by forum administrators to continue spreading malicious files.”

The malware grants the attackers access to their victims’ brokerage accounts, the researchers further explained, which allowed them to pull the money out. At least 130 traders had their endpoints infected, Group-IB said, but the researchers don’t know how much money was stolen in the process.

One victim said the withdrawal was unsuccessful.

While the researchers don’t know for certain who is behind this campaign, they suspect the threat actor to be “Evilnum”, also known as “TA4563”, as both used a Visual Basic trojan called DarkMe. Evilnum was first observed some five years ago, targeting trading platforms and financial organizations in the UK and Europe.

Cryptocurrency traders are a popular target among hackers due to the way the blockchain is designed. Once a transaction is initiated, in most cases it’s impossible to reverse. 

The flaw has since been fixed with a patch, and if you’re worried about being targeted, make sure your WinRAR is on version 6.23.

Via: TechCrunch
