WinRAR users are urged to update the application to the latest release following the discovery of a security vulnerability. According to Google’s Threat Analysis Group (TAG), the popular Windows archive tool was being exploited by multiple state-sponsored hacking groups. The report states that the exploit campaign started in early 2023, when the bug was still unknown to cybersecurity defenders.
Cybercriminals were able to exploit the CVE-2023-38831 zero-day vulnerability to weaponize ZIP archives as carriers for various malware. The attacks were initially financially motivated and targeted traders, as reported by Group-IB researchers.
The exploit is triggered when a user attempts to view a file, such as a PNG image, within a ZIP archive. Upon execution, threat actors were able to gain browser login data and Local State Directory files – a folder created by the Chrome browser that contains information about the state of the browser, such as history and bookmarks. This information is then exported to the threat actor’s server.
The vulnerability has since been fixed in the latest software update. However, some users may be unaware that the patch is available. Even more unfortunate, the popular program, which has over 500 million users worldwide, lacks an auto-update feature.
TAG warns, “The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available.” If you use WinRAR, it is therefore important to make sure you have the latest update installed. Alternatively, if you’re on Windows 11, you can simply use the native RAR support.
You can download the latest WinRAR software here.