A known vulnerability in the file-archiving tool WinRAR continues to proliferate because not enough users are installing the patch, according to Google.
The company today warned that “multiple government-backed hacking groups” have been exploiting the flaw, dubbed CVE-2023-3883, to deliver malware. "The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available,” Google wrote in a blog post.
WinRAR actually patched the flaw on Aug. 2 with version 6.23, after hackers had been abusing it since April. The only problem is that WinRAR lacks an auto-update feature, meaning users have to manually download and install updates from WinRAR’s website to stay protected.
“A patch is now available, but many users still seem to be vulnerable,” Google says.
The company has observed state-sponsored hackers taking advantage of the flaw in recent weeks, including “Sandworm,” a Russian-state sponsored group suspected of having ties to the country’s military. Last month, Google uncovered a phishing email that looked like it came from a Ukrainian drone warfare training school targeting Ukrainian users.