Google: State hackers exploit vulnerability in WinRAR


State-backed hacking groups from several countries are exploiting a previously disclosed vulnerability in WinRAR, Google’s Threat Analysis Group (TAG) reports. The vulnerability was patched in August, but the update does not install itself: users have to apply it by hand.

Google’s Threat Analysis Group reports that hacking groups from different countries are taking advantage of CVE-2023-38831, a bug that was discovered in July. The vulnerability allows an attacker to execute arbitrary code when the user opens a seemingly harmless file from a ZIP archive. The archive contains, for example, a benign PNG image next to a folder that carries the same name as the image, and the folder holds the malicious payload. When the user opens the PNG in WinRAR, the contents of the same-named folder are processed as well, and the malware runs instead of, or alongside, the image.
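The layout described above (a decoy file paired with a same-named folder) is visible in the archive listing before anything is extracted, so it can be screened for at a mail gateway or on an analyst's workstation. The following scanner is an added example written for this article, not code from Google TAG, Group-IB or RARLAB. It reads a ZIP's central directory with Python's standard `zipfile` module, infers folders from path prefixes (archives often omit explicit directory entries), normalises away trailing spaces in path components (public samples of this bug relied on trailing spaces to pair a file with a folder), and flags any file whose normalised path also exists as a folder, listing executable-looking children. The executable-extension list and the two sample archives are constructed for the example; the "payload" is an inert batch file that only echoes a string.

```python
"""Heuristic scanner for the CVE-2023-38831 decoy-file / same-named-folder layout.

Added example for this article; not code from WinRAR, Google TAG or Group-IB.
"""
from __future__ import annotations

import io
import posixpath
import zipfile
from dataclasses import dataclass, field

# Extensions Windows hands to an interpreter or runs directly.
# Heuristic assumption made for this example, not taken from the article.
EXEC_EXTS = {".cmd", ".bat", ".exe", ".com", ".scr", ".vbs", ".js", ".wsf",
             ".hta", ".ps1", ".lnk"}


def _norm(name: str) -> str:
    """Normalise separators and strip trailing spaces from every path component,
    so 'image.png ' (file) and 'image.png /' (folder) compare equal."""
    parts = [p.rstrip(" ") for p in name.replace("\\", "/").split("/")]
    return "/".join(p for p in parts if p)


@dataclass
class Finding:
    decoy: str                      # original name of the benign-looking file
    folder: str                     # normalised path of the same-named folder
    payloads: list[str] = field(default_factory=list)  # executable-looking children


def scan_zip(data: bytes) -> list[Finding]:
    """Return one Finding per file entry that shares its name with a folder."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()

    files: dict[str, str] = {}        # normalised path -> original file name
    dirs: dict[str, set[str]] = {}    # normalised folder path -> direct children
    for info in infos:
        raw = info.filename.replace("\\", "/")
        if info.is_dir():
            dirs.setdefault(_norm(raw), set())
            continue
        files[_norm(raw)] = info.filename
        # Every parent component implies a folder, even without a directory entry.
        parts = raw.split("/")
        for i in range(1, len(parts)):
            dirs.setdefault(_norm("/".join(parts[:i])), set())
        if len(parts) > 1:
            dirs[_norm("/".join(parts[:-1]))].add(raw)

    findings: list[Finding] = []
    for path, original in files.items():
        if path not in dirs:
            continue
        children = sorted(dirs[path])
        payloads = [c for c in children
                    if posixpath.splitext(c.rstrip(" "))[1].lower() in EXEC_EXTS]
        findings.append(Finding(decoy=original, folder=path + "/", payloads=payloads))
    return findings


def build_sample() -> bytes:
    """Constructed test archive mimicking the layout: decoy image next to a
    same-named folder holding a batch file. The batch file is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("image.png ", b"\x89PNG\r\n\x1a\n")               # decoy
        zf.writestr("image.png /image.png .cmd", b"@echo harmless\r\n")  # inert
        zf.writestr("notes.txt", b"unrelated file\n")
    return buf.getvalue()


def build_clean() -> bytes:
    """Constructed benign archive with an ordinary folder, for a negative check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr("docs/readme.txt", b"nothing to see\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("sample", build_sample()), ("clean", build_clean())):
        hits = scan_zip(blob)
        print(f"{label}: {len(hits)} finding(s)")
        for h in hits:
            print(f"  decoy={h.decoy!r} folder={h.folder!r} payloads={h.payloads}")
```

The check is deliberately structural: it does not need WinRAR installed and does not extract anything, so it is safe to run on untrusted input. It will also flag archives where a file and a same-named folder coexist for legitimate reasons, so treat a hit as a reason to inspect, not as proof of malice.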

WinRAR released a patch in August that fixes the vulnerability: the bug is fixed in version 6.23 and later (6.24 being the current release). However, WinRAR does not update itself; users have to download the new version from the WinRAR website and install it manually. Google TAG urges users to install the update.

The vulnerability has been exploited since at least April 2023 to install malware on the systems of, among others, financial traders, according to security company Group-IB. According to Google TAG, the bug has also been used in operations against the Ukrainian government. Groups linked to Russia's military intelligence service, the GRU, for example, tried to steal information from a drone warfare training school in Ukraine and ran spear-phishing campaigns against Ukrainian government organisations. A Chinese state-backed group is also said to have distributed malware in Papua New Guinea. It had previously emerged that the vulnerability was used to take over cryptocurrency trading accounts, as BleepingComputer also reports.
