Beware of the WinRAR Zero-Day Bug: How Russia and China are Hacking Your Computer

By Danura Santhush Silva

If you use WinRAR, the popular file archiving tool for Windows, you might be at risk of being hacked by state-sponsored hackers from Russia and China. According to Google security researchers, these hackers are exploiting a zero-day bug in WinRAR that allows them to execute malicious code on your computer by tricking you into opening a fake archive file.

In this article, we will explain what the WinRAR zero-day bug is, how it is being exploited by hackers, and what you can do to protect yourself.

What is the WinRAR Zero-Day Bug?

The WinRAR zero-day bug, also known as CVE-2023-38831, is a file extension spoofing vulnerability that affects all versions of WinRAR prior to 6.23. It allows attackers to create malicious archive files that look like harmless images or documents, but actually contain hidden code that can execute on your computer when you try to view the file inside the archive.

This bug was discovered by the cybersecurity firm Group-IB in August 2023, which reported that it had been exploited as a zero-day since April 2023 to target financial traders. The firm notified RARLabs, the developer of WinRAR, which released an updated version (6.23) on August 2 to patch the vulnerability.

However, Google’s Threat Analysis Group (TAG) revealed this week that it has observed multiple government-backed hacking groups exploiting the same bug, even after the patch was released. TAG said that “many users” who have not updated WinRAR remain vulnerable.

How are Hackers Exploiting the WinRAR Zero-Day Bug?

Google’s researchers have identified several hacking campaigns that are using the WinRAR zero-day bug to compromise computers around the world. Some of these campaigns are linked to notorious state-sponsored hacking groups from Russia and China, such as:

  • Sandworm: A Russian military intelligence unit that is known for launching destructive cyberattacks, such as the NotPetya ransomware attack in 2017 and the Ukrainian power grid blackout in 2015. TAG observed Sandworm exploiting the WinRAR bug in early September as part of a phishing campaign that impersonated a Ukrainian drone warfare training school. The emails contained a link to a malicious archive file that installed information-stealing malware on the victim’s computer and stole browser passwords.
  • Fancy Bear: Another Russian hacking group, also known as APT28, that is best known for hacking the Democratic National Committee in 2016. TAG also observed Fancy Bear using the WinRAR bug to target users in Ukraine under the guise of an email campaign impersonating the Razumkov Centre, a public policy think tank in Ukraine.
  • APT40: A Chinese hacking group, also known as Leviathan or Temp.Periscope, that is linked to China’s Ministry of State Security. TAG found evidence that APT40 abused the WinRAR bug as part of a phishing campaign targeting users based in Papua New Guinea.

These are not the only hacking groups exploiting the WinRAR bug. Another threat intelligence company, Cluster25, reported last week that it had also observed pro-Russian hackers using the same bug in a phishing campaign designed to harvest credentials from compromised systems. Cluster25 said it assessed with “low-to-mid confidence” that Fancy Bear was behind this campaign as well.

How Can You Protect Yourself from the WinRAR Zero-Day Bug?

The best way to protect yourself from the WinRAR zero-day bug is to update your WinRAR software to the latest version (6.23 or higher), which fixes the vulnerability. You can download it from WinRAR’s official website.

You should also be careful when opening archive files from unknown or suspicious sources. Do not open any file inside an archive unless you trust its origin and content. You can also scan archive files with antivirus software before opening them.
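The article describes the bug as a spoofed-extension lure (a file that looks like an image or document, with hidden code that runs when the victim opens it from inside the archive) and advises scanning archives before opening them. The script below is an added example, not code from the article or from RARLabs: a triage check a defender can run over an archive before anyone opens it. It assumes the lure layout described in public write-ups of CVE-2023-38831 (a decoy document, a directory with the same decoy name, and a payload whose name is padded with whitespace so it resembles the decoy); that layout, the extension lists, and the sample archives are constructed for this example. It inspects ZIP containers only, because Python's standard library has no RAR reader, and it also includes a small helper that checks whether a WinRAR version string is at or past the fixed release.

```python
import io
import posixpath
import re
import zipfile

# Constructed lists for this example: extensions Windows hands to an
# interpreter, and extensions a lure presents as a harmless image or document.
EXECUTABLE_EXTS = {".exe", ".cmd", ".bat", ".com", ".scr", ".vbs", ".js",
                   ".wsf", ".ps1", ".pif", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt",
              ".doc", ".docx", ".xls", ".xlsx"}


def _ext(name):
    """Lowercased, whitespace-stripped extension of the last path component."""
    return posixpath.splitext(name)[1].strip().lower()


def inspect_archive(data):
    """Return (entry, reason) findings for a ZIP held in memory.

    The heuristics mirror the lure layout described in public write-ups of
    CVE-2023-38831 (an assumption for this example, not from the article):
    a decoy document plus a directory of the same name, with the real
    payload's name padded by whitespace so it looks like the decoy.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    file_names = {i.filename.strip() for i in infos if not i.is_dir()}

    for info in infos:
        name = info.filename
        last = posixpath.basename(name.rstrip("/"))
        if last != last.rstrip():
            findings.append((name, "name padded with trailing whitespace"))
        if info.is_dir():
            if name.rstrip("/").strip() in file_names:
                findings.append((name, "directory shares a name with a file entry"))
            continue
        parent = posixpath.dirname(name)
        if _ext(parent) in DECOY_EXTS and _ext(name) in EXECUTABLE_EXTS:
            findings.append((name, "executable stored inside a directory named like a document"))
        stem, ext = posixpath.splitext(last)
        if _ext(stem) in DECOY_EXTS and ext.strip().lower() in EXECUTABLE_EXTS:
            findings.append((name, "decoy extension followed by an executable extension"))
    return findings


def is_patched(version):
    """True when a WinRAR version string is 6.23 or later, the fixed release."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?", version)
    if not m:
        return False
    major, minor = int(m.group(1)), int(m.group(2) or 0)
    return (major, minor) >= (6, 23)


def build_sample(malicious):
    """Construct an in-memory ZIP. The malicious layout imitates the lure
    shape with an inert text payload; the benign one is an ordinary archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            zf.writestr("photo.jpg ", b"not a real image, constructed sample")
            zf.writestr("photo.jpg /", b"")  # directory entry with padded name
            zf.writestr("photo.jpg /photo.jpg .cmd", b"rem inert placeholder\r\n")
        else:
            zf.writestr("photo.jpg", b"not a real image, constructed sample")
            zf.writestr("notes/readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("benign", build_sample(False)), ("lure", build_sample(True))):
        print(f"{label}:")
        for entry, reason in inspect_archive(blob) or [("-", "no indicators")]:
            print(f"  {entry!r}: {reason}")
    print("WinRAR 6.22 patched?", is_patched("6.22"))
    print("WinRAR 6.23 patched?", is_patched("6.23"))
```

The checks are deliberately coarse: trailing whitespace in an entry name, a directory that collides with a file name, and an executable extension hiding behind a document extension are each unusual in legitimate archives, but any one of them can occur by accident, so treat a hit as a reason to quarantine and look closer rather than as proof of an attack. Updating WinRAR to 6.23 or later remains the actual fix; this check only helps a mail gateway or analyst spot the lure shape in archives that are still in transit.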

Additionally, you should always keep your operating system and other software updated with the latest security patches. You should also use strong passwords and enable two-factor authentication for your online accounts. These measures will help you prevent hackers from accessing your computer and stealing your data.

The WinRAR zero-day bug is a serious threat that could allow hackers to take over your computer. You should update your WinRAR software as soon as possible and be vigilant about opening archive files. By following these tips, you can stay safe from cyberattacks.
