
Traders' Dollars in Danger: CVE-2023-38831 zero-day vulnerability in WinRAR exploited by cybercriminals to target traders

August 29, 2023

With over 500 million users worldwide, WinRAR is one of the most popular compression tools. You would probably struggle to find someone who has never downloaded or opened this vital tool. If somebody receives an archive in an email with malicious content, they will most likely open it with WinRAR. Consequently, threat actors invest time in identifying vulnerabilities in this and other popular programs commonly utilized by internet users.

On July 10, 2023, while researching the spread of DarkMe malware, the Group-IB Threat Intelligence unit came across a previously unknown vulnerability in the processing of the ZIP file format by WinRAR. By exploiting a vulnerability within this program, threat actors were able to craft ZIP archives that serve as carriers for various malware families. Weaponized ZIP archives were distributed on trading forums. Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023...