The newest release, 6.24, also addressed the security issue. (That is, RAR files created in a specific way to exploit that flaw.) It released on August 2 and should be available to all WinRAR users. "To ensure protection, we urge organizations and users to keep software fully up-to-date and to install security updates as soon as they become available," said Google's Kate Morgan in a TAG blog post.Īs reported by Bleeping Computer, WinRAR version 6.23 fixes this issue along with others, like a flaw that allows commands to be executed if you open certain kinds of rar files. But unbeknownst to you, WinRAR was also tricked into loading a script in the background, which installs malware that lets attackers steal money from brokerage accounts. You double-click on one to open it, which it does. It's full of seemingly innocent documents - PDFs, text files, JPG images. The way it works: You open a malicious zip file in WinRAR, which is your default program for all compressed file formats on your PC (after you've installed WinRar, of course). Google's Threat Analysis Group (TAG) said Wednesday it observed a number of government-backed hacking campaigns utilizing the WinRAR bug starting in early 2023. Government-backed hackers from Russia and China exploited a known vulnerability in outdated versions of WinRAR, the world's most popular compression tool with over 500 million users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |