Published: August 28, 2023 in our Security Fraud News & Alerts Newsletter.
If you are among the 500 million users of WinRAR, the world's most popular compression tool, it's time to update your software. A recent vulnerability, rated high in severity, could put your system at risk. RARLAB, the developer behind WinRAR, has released a new version, WinRAR 6.23, that addresses this critical issue as well as one that was discovered earlier in the summer. The update should be applied immediately, as cybercriminals are already taking advantage of both flaws.
Tracked as CVE-2023-40477, the first disclosed vulnerability stems from a weakness in how the software validates user-supplied data. If you open a crafted RAR file, it can cause the software to access memory it should not, potentially leading to malicious code execution. In simpler terms, this flaw can let an attacker run code of their choosing right on your machine.
The issue came to light on June 8, when a security researcher known as "goodbyeselene" discovered it while working with Trend Micro's Zero Day Initiative (ZDI). ZDI informed RARLAB about the vulnerability on August 17. The company then issued an updated version of WinRAR on August 2, which not only fixes this critical issue but also patches other, less severe bugs.
The new version also fixes an issue where double-clicking on an item in a specially created archive would cause WinRAR to open the wrong file. Additionally, temporary files created during the extraction or testing of multiple archives will now be deleted immediately.
Adding insult to injury, a zero-day bug found back in June that takes advantage of a separate issue in WinRAR is being actively exploited now. That one lets an attacker hide malware inside what appear to be harmless files, such as .jpg images or .txt text files, proving once again that any type of file can be used against us in a phishing attack. In the particular cases documented by Group-IB, the attackers were able to access brokerage accounts and make withdrawals and other financial transactions. One hundred thirty traders were known to be affected, but it's likely that many more have become victims since, and more will follow. If you want to check out more details, it's tracked as CVE-2023-38831 and is also fixed in version 6.23.
The alarming aspect of these situations is that the sheer size of WinRAR's user base makes it a lucrative target for malware creators. Many users neglect to update their software regularly, leaving their systems vulnerable. Most of the time, we recommend activating automatic updates. However, WinRAR cannot be updated automatically, so if you haven't updated your software yet, now is the time to do so.
As is the norm these days, phishing is how attackers succeed in so many cases. So, look carefully at email messages, texts, and everything else before you click on something. If you don't know the sender, aren't sure what an attachment or link might be, or just get an uneasy feeling about something you receive, delete it, or check with the sender independently of the message to confirm that they intended to send it and that it's safe to open.
Microsoft announced earlier this year that Windows, specifically Windows 11, would offer native support for RAR files. While this is a welcome addition, it is still crucial to keep third-party software like WinRAR up to date to ensure the security of your system.