Foreign Embassies are being targeted via WinRar security flaws

Most of us use WinRar to unpack RAR and ZIP files on our computers, and like every other piece of software in existence, it has its fair share of vulnerabilities. The most recent and most dangerous of these, CVE-2023-38831, is in the limelight once again: the Ukrainian National Security and Defense Council (NDSC) has reported that a Russian state-sponsored threat actor known as NOBELIUM is using this vulnerability to target foreign embassies.

Now, what exactly is the CVE-2023-38831 vulnerability within WinRar?

Unlike many vulnerabilities, which tend to be minor, CVE-2023-38831 is a cut above the rest. By exploiting it, threat actors or other parties can install malicious code on the recipient's computer, which in turn can cause serious mayhem. Among the malware commonly distributed through this vulnerability are info stealers, which are used to grab passwords, classified documents, and system information, among other things.

In the present case, the attackers targeted government organizations in Azerbaijan, Greece, Romania, and Italy with fake BMW sale offers. But how did they do it?

Well, they sent emails to employees within the embassies, offering a diplomatic BMW car at an attractive price. The images of the car were stored in a ZIP or RAR file. When an employee opened the archive to view the images of the car, the malicious code would install itself in the background.
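As an added example (not code from the article or from the NDSC report), here is a Python check that a mail gateway or an analyst could run over an incoming ZIP attachment before anyone opens it. It looks for the archive layout that vulnerable WinRar builds mishandle: a decoy file such as a photo sitting beside a directory whose name matches the decoy once trailing spaces are trimmed, with a script-like entry inside that directory. The two sample archives are constructed in memory with harmless placeholder contents; the BMW photo theme is borrowed from the lure described above.

```python
"""Heuristic scanner for ZIP attachments laid out to abuse CVE-2023-38831.

Added example; the archives built here are constructed test fixtures with
inert contents, not real lures. Only ZIP is handled (RAR needs a third-party
library), which is enough to demonstrate the check."""
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that WinRar would hand to the shell for execution.
SCRIPT_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".ps1", ".js", ".scr"}


def scan_zip(data: bytes) -> list[str]:
    """Return script-like entries that live inside a directory sharing the
    space-trimmed name of a top-level file in the same archive.
    An empty list means the decoy-plus-directory pattern was not found."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()          # entry names exactly as stored
    top_files = {n for n in names if "/" not in n}
    decoy_keys = {f.rstrip() for f in top_files}   # "photo.jpg " -> "photo.jpg"
    findings = []
    for n in names:
        if "/" not in n or n.endswith("/"):
            continue                   # not a file inside a directory
        top_dir, _, inner = n.partition("/")
        if top_dir.rstrip() not in decoy_keys:
            continue                   # directory has no same-named sibling file
        if PurePosixPath(inner.rstrip()).suffix.lower() in SCRIPT_EXTS:
            findings.append(n)
    return findings


def build_sample(malicious: bool) -> bytes:
    """Construct a small in-memory archive (test fixture, not a real lure).
    The 'malicious' layout only mirrors the structure; the script entry is a
    plain text placeholder, and the 'jpeg' bytes are not a real image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            zf.writestr("BMW_photo.jpg ", b"constructed placeholder, not an image")
            zf.writestr("BMW_photo.jpg /BMW_photo.jpg .cmd", "placeholder text\n")
        else:
            zf.writestr("BMW_photo.jpg", b"constructed placeholder, not an image")
            zf.writestr("more/BMW_interior.jpg", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("lure-style archive", True), ("ordinary archive", False)):
        print(f"{label}: {scan_zip(build_sample(flag)) or 'clean'}")
```

A hit should quarantine the attachment for review rather than simply strip it, since the same archive also shows whether the sender's story (here, a car for sale) matches the file layout.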

“In this nefarious tactic, they utilize Ngrok’s services by utilizing free static domains provided by Ngrok, typically in the form of a subdomain under “ngrok-free.app.” These subdomains act as discrete and inconspicuous rendezvous points for their malicious payloads,” the organization said.

Now, one piece of good news here is that this vulnerability affects systems running WinRar version 6.23. The developer of WinRar, RAR Labs, has confirmed that the latest patch for the software addresses this vulnerability, and all users are recommended to install it.

Make sure you update the copy of WinRar on your computers to protect your system from such an attack. If you do not have WinRar and want to use it, you can install it from here.