Lack of Patching Lets Russian, Chinese Hackers Exploit WinRAR Flaw
A known vulnerability in the file-archiving tool WinRAR continues to proliferate because not enough users are installing the patch, according to Google.
The company today warned that “multiple government-backed hacking groups” have been exploiting the flaw, dubbed CVE-2023-3883, to deliver malware. "The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available,” Google wrote in a blog post.
WinRAR actually patched the flaw on Aug. 2 with version 6.23, after hackers had been abusing it since April. The only problem is that WinRAR lacks an auto-update feature, meaning users have to manually download and install updates from WinRAR’s website to stay protected.
“A patch is now available, but many users still seem to be vulnerable,” Google says.
The company has observed state-sponsored hackers taking advantage of the flaw in recent weeks, including “Sandworm,” a Russian-state sponsored group suspected of having ties to the country’s military. Last month, Google uncovered a phishing email that looked like it came from a Ukrainian drone warfare training school targeting Ukrainian users.
“The email contained a link to an anonymous file-sharing service, fex[.]net, which delivered a benign decoy PDF document with a drone operator training curriculum and a malicious ZIP file exploiting CVE-2023-38831,” Google added. Opening a document within the ZIP file can secretly trigger a PC to install an “infostealer” malware program capable of pilfering login credentials.
In a separate incident, Google found evidence that another Russian-state sponsored hacking group dubbed “Fancy Bear” created a phishing page to trick Ukrainian users into
Read more on pcmag.com
