If anyone wants to read further on the matter depicted in the OP, these articles treat the topic in depth:
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/
The former link points to an article written by the guys who discovered the vulnerability, which has actually been under active exploitation since April 2023 (as per their words). In essence, malicious zip files were spread through various routes, including trading and crypto forums. These zip files, when opened in WinRAR, exploit the WinRAR vulnerability in question as follows:
The cybercriminals are exploiting a vulnerability that allows them to spoof file extensions, which means that they are able to hide the launch of malicious script within an archive masquerading as a ‘.jpg’, ‘.txt’, or any other file format <…>
A ZIP archive was crafted to deliver various malware families: DarkMe, GuLoader, Remcos RAT
These extra goodies allow the scumbags to install keyloggers, capture screenshots, gain remote access and so forth.
Here’s an example post on a well-known bitcoin forum. It may actually look quite familiar …:
As usual, we should never download/open files of dubious origin, even though one could say that the content of some of these files may seem innocent:
It also seems wise to update WinRAR now to the latest (patched) version.
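As an added illustration (not part of the post above, and not code from Group-IB, WinRAR or the malware authors): the lure archives described in the linked Group-IB write-up pair a benign-looking decoy file whose name ends in a trailing space with a directory of the same name that holds a script (for example `photo.jpg ` next to `photo.jpg /photo.jpg .cmd`); when the decoy is opened from a vulnerable WinRAR build, the script is what actually gets launched. The Python below builds a constructed, harmless archive with that layout and scans a ZIP's central directory for the pattern without extracting anything. The extension list, the function names and the placeholder file contents are my own assumptions.

```python
import io
import posixpath
import zipfile

# Assumed list of "launchable" extensions; extend to taste.
SCRIPT_EXTS = {".cmd", ".bat", ".com", ".exe", ".scr", ".pif", ".vbs",
               ".js", ".wsf", ".hta", ".ps1", ".lnk"}


def _win_key(path: str) -> str:
    """Normalise a ZIP path the way Win32 name handling collapses it:
    trailing spaces and dots are dropped from each component and case is
    folded, so 'photo.jpg ' and 'photo.jpg' end up with the same key."""
    parts = path.strip("/").split("/")
    return "/".join(p.rstrip(" .").lower() for p in parts)


def scan_archive(data: bytes) -> list:
    """Return one finding per file entry that collides with a directory of
    the same (Win32-normalised) name, i.e. the CVE-2023-38831 lure layout.
    Only the central directory is read; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [info.filename for info in zf.infolist()]

    files = [n for n in names if not n.endswith("/")]

    # Directories: explicit entries plus every parent path of a file.
    dirs = set()
    for n in names:
        path = n.rstrip("/")
        if n.endswith("/"):
            dirs.add(path)
        parent = posixpath.dirname(path)
        while parent:
            dirs.add(parent)
            parent = posixpath.dirname(parent)

    dirs_by_key = {}
    for d in dirs:
        dirs_by_key.setdefault(_win_key(d), []).append(d)

    findings = []
    for decoy in files:
        for d in dirs_by_key.get(_win_key(decoy), []):
            # Scripts sitting inside the colliding directory are the payloads.
            payloads = sorted(
                p for p in files
                if p.startswith(d + "/")
                and posixpath.splitext(p.rstrip(" ."))[1].lower() in SCRIPT_EXTS
            )
            findings.append({
                "decoy": decoy,
                "directory": d,
                "payloads": payloads,
                "trailing_space": decoy != decoy.rstrip(" "),
            })
    return findings


def build_lure(decoy: str = "photo.jpg ", script_ext: str = ".cmd") -> bytes:
    """Constructed, harmless archive with the lure layout (decoy file,
    same-named directory, script inside). The 'script' only echoes a line;
    it exists purely to exercise the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(decoy, b"\xff\xd8\xff\xe0 placeholder, not a real JPEG")
        zf.writestr(decoy + "/", b"")  # explicit same-named directory entry
        zf.writestr(f"{decoy}/{decoy}{script_ext}",
                    "@echo off\r\necho constructed sample\r\n")
    return buf.getvalue()


def build_benign() -> bytes:
    """Constructed ordinary archive: no file/directory name collisions."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("docs/", b"")
        zf.writestr("docs/readme.txt", "hello again")
        zf.writestr("tools/setup.cmd", "@echo off\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_lure()), ("benign", build_benign())):
        hits = scan_archive(blob)
        print(f"{label}: {len(hits)} finding(s)")
        for h in hits:
            print(f"  {h['decoy']!r} collides with directory {h['directory']!r};"
                  f" payloads: {h['payloads']}")
```

The comparison key deliberately strips trailing spaces and dots on every path component, because that is the normalisation that makes the decoy and the directory resolve to the same name; a scanner that compares raw ZIP entry names would miss variants that differ only in that trailing whitespace.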