Vulnerability Management

WinRAR zero-day leveraged to exfiltrate trader funds

TechCrunch reports that financial traders had their brokerage accounts targeted in attacks involving the exploitation of a zero-day flaw in Windows file archiver utility WinRAR to facilitate fund exfiltration since April. Malicious ZIP archives have been distributed by threat actors across eight or more public forums using the zero-day, tracked as CVE-2023-38831, which could be leveraged to conceal malicious scripts as .jpg or .txt files, according to a Group-IB report. While one of the targeted forums was able to alert users regarding the threat activity and worked to block attacker-controlled accounts, malicious file distribution persisted as threat actors were able to unlock disabled accounts, said researchers, who noted that at least 130 traders had their devices compromised in the attack. Threat actors behind the incident were also found to have leveraged the DarkMe Visual Basic trojan, establishing an association with the financially motivated threat operation Evilnum, also known as TA4563, but the evidence is still inconclusive.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.