Sunday, Dec 22, 2024

If you use WinRAR, update immediately to patch a serious zero-day vulnerability

WinRAR users should update their software immediately as reports of a zero-day vulnerability have surfaced. According to reports, the WinRAR software has been exploited to install malware when clicking on harmless files in an archive, allowing hackers to breach multiple online cryptocurrency trading accounts.

WinRAR is a popular software for archiving and opening .rar and .zip files, and thus it has been installed on countless systems around the world. This particular exploit, however, has only been active since April 2023, according to BleepingComputer. The exploit is currently flagged and tracked as CVE-2023-38831, and it has been used to distribute malware from the DarkMe, GuLoader, and Remcos RAT families.


Malware detected warning screen.

Malware detected warning screen. Image source: Getty Images

The exploit essentially allowed threat actors to create .rar and .zip archives with malicious files inside that appeared innocent enough. These .jpg and text files would then cause a script to be executed that installs malware on the targeted device when opened. BleepingComputer tested the exploit from an archive shared by Group-IB, which originally discovered the campaign.

If you use WinRAR on your personal or business computer, then you should upgrade to WinRAR version 6.23, which was released on August 2, 2023. This version resolves the WinRAR zero-day and includes fixes for other WinRAR security vulnerabilities that have cropped up over the past few months.

The exploit appears to have been intended to target crypto traders, though it doesn’t mean you should rule yourself out, as bad actors like this usually throw a wide net, hoping to catch as many unsuspecting users as possible. In recent history, we’ve seen other zero-day exploits pop up for other popular software and apps, including a Chrome zero-day exploit back in December 2022 and even exploits for ChatGPT as early as April 2023.

When these exploits are uncovered, the best thing you can do is update your software as soon as possible and avoid clicking on any files you do not recognize.

Don't Miss: Microsoft could bring AI to the Windows 11 Paint app

The post If you use WinRAR, update immediately to patch a serious zero-day vulnerability appeared first on BGR.

Today's Top Deals

  1. MyQ smart garage opener with 67,000 5-star reviews is under $22 today
  2. Amazon gift card deals, offers & coupons 2023: Get $425+ free
  3. Best deals: Tech, laptops, TVs, and more sales

Trending Right Now:

  1. I’m an iPhone 14 Pro user, and I don’t plan to upgrade to iPhone 15 – but here’s the model I’d get if I did
  2. Apple almost leaked the iPhone 15 in Mexico City
  3. The best TV shows of the past 25 years, according to actual fans
------------
Read More
By: Joshua Hawkins
Title: If you use WinRAR, update immediately to patch a serious zero-day vulnerability
Sourced From: bgr.com/tech/if-you-use-winrar-update-immediately-to-patch-a-serious-zero-day-vulnerability/
Published Date: Wed, 23 Aug 2023 21:20:00 +0000