WinRAR Vulnerability

[Cam]

Cybercriminals are exploiting a zero-day vulnerability in WinRAR, the venerable shareware archiving tool for Windows, to target traders and steal funds.

Cybersecurity company Group-IB discovered the vulnerability, which affects the processing of the ZIP file format by WinRAR, in June. The zero-day flaw — meaning the vendor had no time, or zero days, to fix it before it was exploited — allows hackers to hide malicious scripts in archive files masquerading as .jpg images or .txt files, for example, to compromise target machines.

Group-IB says hackers have been exploiting this vulnerability since April to spread malicious ZIP archives on specialist trading forums. Group-IB tells TechCrunch that malicious ZIP archives were posted on at least eight public forums, which “cover a wide range of trading, investment, and cryptocurrency-related subjects.” Group-IB declined to name the targeted forums.

Source: https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/

Make sure WinRAR is up to date, if you still use it.

 

[Ravenfreak]

Glad I no longer use WinRAR, I use Window's built in zip file extractor and 7zip for other file formats that the Window's one can't open.

 

[Chev]

I still use it, but it stays updated nonetheless. Still a great tool for me and have used it for many years.

 

[Page]

I use it allot and I use the updated edition