A newly discovered zeroday in the widely used WinRAR file-compression program has been under exploit for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous files inside file archives.
The attackers have been using the vulnerability to remotely execute code that installs malware from families including DarkMe, GuLoader, and Remcos RAT.
WinRAR has more than 500 million users who rely on the program to compress large files to make them more manageable and quicker to upload and download.
Even when people do attempt to examine them for malice, antivirus software often has trouble peering into the compressed data to identify malicious code.
The malicious ZIP archives Group-IB found were posted on public forums used by traders to swap information and discuss topics related to cryptocurrencies and other securities.
“Our researchers also saw evidence that the threat actors were able to unblock accounts that were disabled by forum administrators to continue spreading malicious files, whether by posting in threads or sending private messages.”
The original article contains 758 words, the summary contains 172 words. Saved 77%. I’m a bot and I’m open source!