The developers behind file compression software WinRAR have patched a zero-day vulnerability that allowed hackers to install malware onto unsuspecting victims’ computers, enabling them to hack into their crypto and stock trading accounts.
On Aug. 23, Singapore-based cybersecurity firm Group-IB reported a zero-day vulnerability in the processing of the ZIP file format by WinRAR.
The zero-day vulnerability tracked as CVE-2023-38831, was exploited for approximately four months, allowing hackers to install malware when a victim clicked on files in an archive. The malware would then allow hackers to breach online crypto and stock trading accounts, according to the report.
Using the exploit, the threat actors were able to create malicious RAR and ZIP archives that displayed seemingly innocent files such as JPG images or PDF text documents. These weaponized ZIP archives were then distributed on trading forums targeting crypto traders offering strategies such as “best Personal Strategy to trade with Bitcoin.”
Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023.
The report confirmed that the malicious archives found their way onto at least eight public trading forums infecting at least 130 devices, however, the victim’s financial losses were unknown.
On execution, the script launches a self-extracting (SFX) archive that infects the target computer with various malware strains, such as the DarkMe, GuLoader, and Remcos RAT.
These provide the attacker with remote access privileges on the infected computer. DarkMe malware has previously been used in crypto and financially motivated attacks.
The researchers notified RARLABS which patched the zero-day vulnerability in WinRAR version 6.23, released on Aug. 2.
Related: Crypto investors under attack by new malware, reveals Cisco Talos
In August, smartphone giant BlackBerry identified several malware families that actively aimed to hijack computers to mine or steal cryptocurrencies.
The same month also revealed a newly discovered remote access tool called HVNC (Hidden Virtual Network Computer) that can enable hackers to compromise Apple operating systems was found on sale on the dark web.
Magazine: Should crypto projects ever negotiate with hackers? Probably
Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
Wrapped SOL 
USDC 
Lido Staked Ether 
Dogecoin 
TRON 
Cardano 
Figure Heloc 
Wrapped stETH 
Wrapped Beacon ETH 
Wrapped Bitcoin 
Hyperliquid 
Chainlink 
Bitcoin Cash 
Wrapped eETH 
Stellar 
Ethena USDe 
Sui 
USDS 
WETH 
Binance Bridged USDT (BNB Smart Chain) 
Hedera 
Avalanche 
LEO Token 
Coinbase Wrapped BTC 
Litecoin 
USDT0 
Monero 
WhiteBIT Coin 
Shiba Inu 
Toncoin 
Cronos 
Mantle 
Zcash 
Ethena Staked USDe 
Polkadot 
Dai 
Bittensor 
Uniswap 
World Liberty Financial 
MemeCore 
Aave 
Ethena 
OKB 
sUSDS 
Bitget Token