Free Video Downloader

Fast and free all in one video downloader

For Example: https://www.youtube.com/watch?v=OLCJYT5y8Bo

1

Copy shareable video URL

2

Paste it into the field

3

Click to download button

Hackers exploit WinRAR zero-day bug to steal funds from broker accounts
August 25, 2023

Hackers exploit WinRAR zero-day bug to steal funds from broker accounts

MediaDownloaderSecurity
Reading Time: 2 minutes

Cybercriminals are exploiting a zero-day vulnerability in WinRAR, the venerable shareware archiving tool for Windows, to target traders and steal funds.

Cybersecurity company Group-IB discovered the vulnerability, which affects the processing of the ZIP file format by WinRAR, in June. The zero-day flaw — meaning the vendor had no time, or zero days, to fix it before it was exploited — allows hackers to hide malicious scripts in archive files masquerading as ‘.jpg’ images or ‘.txt’ files, for example, to compromise target machines.

In the case of one of the targeted forums, administrators became aware that malicious files were shared and subsequently issued a warning to their users. The forum also took steps to block the accounts used by the attackers, but Group-IB saw evidence that the hackers were ‘able to unlock accounts that were disabled by forum administrators to continue spreading malicious files, whether by posting in threads or private messages.’

One victim told Group-IB researchers that the hackers attempted to withdraw their money, but were unsuccessful.

It’s not known who is behind the exploitation of the WinRAR zero-day. However, Group-IB said it observed the hackers using DarkMe, a VisualBasic trojan that has previously been linked to the ‘Evilnum’ threat group.

Evilnum, also known as ‘TA4563’, is a financially motivated threat group that has been active in the U.K. and Europe since at least 2018. The group is known for targeting mainly financial organizations and online trading platforms. Group-IB said that while identifying the DarkMe trojan, it ‘cannot conclusively link the identified campaign to this financially motivated group.’

Group-IB says it reported the vulnerability, tracked as CVE-2023-38831, to WinRAR-maker Rarlab. An updated version of WinRAR (version 6.23) to patch the issue was released on August 2. 

Reference: https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/

Ref: techcrunch

MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG

Cybersecurityvulnerabilitywinrarzero-day flaw

Leave a Reply

Your email address will not be published. Required fields are marked *