Date: 19 Oct, 2023
Source: Gizmodo
Image: Rawpixel.com (Shutterstock)
Government-backed hackers from Russia and China exploited a known vulnerability in outdated versions of WinRAR, the world's most popular compression tool with over 500 million users. Google's Threat Analysis Group (TAG) said Wednesday that it had observed a number of government-backed hacking campaigns exploiting the WinRAR bug since early 2023.
"To ensure protection, we urge organizations and users to keep software fully up-to-date and to install security updates as soon as they become available," said Google's Kate Morgan in a TAG blog post.
The vulnerability exists in all of RARLAB's WinRAR products prior to version 6.23, released in August shortly after the bug was discovered. The vulnerability was brought to light by Group-IB, which identified how hackers infiltrated a finance forum full of traders, infected the devices of 130 forum members, and withdrew funds from their brokerage accounts.
"The cybercriminals are exploiting a vulnerability that allows them to spoof file extensions," wrote Andrey Polovinkin, Malware Analyst at Group-IB, in a blog post back in August. "They are able to hide the launch of malicious script within an archive masquerading as a '.jpg', '.txt', or any other file format."
Google identified the Russian Armed Forces group "Sandworm" as one of the groups exploiting this vulnerability in WinRAR's code. Sandworm specifically targeted users with some connection to the energy and defense sectors in Ukraine and Eastern Europe through phishing campaigns. Another group, "APT 40," which has been linked to China's State Department, was identified by Google as launching a malicious campaign against Papua New Guinea.
In a note on WinRAR's version 6.23, the first update to patch the bug, RARLAB thanked Group-IB and the Zero Day Initiative for making them aware of the vulnerability, and "highly recommends to install the latest version."
It has long been understood that users don't update their software as often as they should, especially people who are not comfortable using computers to begin with.
"These recent campaigns exploiting the WinRAR bug underscore the importance of patching and that there is still work to be done to make it easy for users to keep their software secure and up-to-date," said Google's TAG team.