Be cautious if you have WinRAR installed on your computer: warning of a critical flaw used for stealing money

Computers & Laptops | September 2, 2023

Despite the passage of years, WinRAR continues to be one of the first programs that most users install on their new computers. Although WinRAR may no longer be as necessary due to the latest Windows developments related to compressed files, for many people, it’s still the best and most familiar option. While most users don’t pay for WinRAR, that has never been a problem for its creators.

However, what can indeed be a significant problem is a new vulnerability recently discovered in WinRAR, which could open the door for hackers to access our data, or worse yet, our money.

The issue is so serious that INCIBE (National Cybersecurity Institute), under the Ministry of Economic Affairs and Digital Transformation, has issued a warning on its website, social media, and email list, detailing the steps we need to take to protect ourselves.

Severe flaw in WinRAR

The flaw was discovered last June by the cybersecurity company Group-IB, although the details were not made public until this week, to give WinRAR developers time to find a solution. However, based on victim testimonies gathered by researchers, some hackers have been exploiting the vulnerability at least since April.

The problem is a ‘bug,’ a flaw in WinRAR’s code that allows small programs (called ‘scripts’) to run just by opening ZIP files that look perfectly ordinary and appear to contain JPG images or TXT text files. In reality, those images do not exist, and the code included in the archive executes when it is opened with WinRAR.

Hackers used this attack against internet forums dedicated to financial investment, distributing the ZIP files among their users. Once the file was opened, the included code granted access to the accounts used for managing users’ private investments. This allowed the hackers to transfer all the money to their own accounts and make investments without permission. According to researchers, at least 130 investors were infected, but it is not clear how much money they lost; some victims confirmed that the attackers attempted to withdraw money from their accounts but didn’t succeed, probably due to other security measures.

The good news is that this vulnerability has already been fixed; however, we must make sure to update WinRAR to the latest version as soon as possible to avoid falling victim to a similar attack. Specifically, we should update WinRAR to version 6.23, which is already available through the official WinRAR website.
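To check whether a Windows machine still has a WinRAR version older than the fixed 6.23 release, the following PowerShell snippet can be used. It is an added example, not part of the original article or of WinRAR itself, and it assumes the installer registers itself in the standard Windows uninstall registry keys with a display name starting with "WinRAR".

```powershell
# Added example: report installed WinRAR copies older than the fixed release (6.23).
$fixed = [version]'6.23'

# Standard Windows uninstall registry locations (64-bit, 32-bit and per-user installs).
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the installer's DisplayName starts with "WinRAR".
$found = @(Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' })

if ($found.Count -eq 0) {
    Write-Output 'No WinRAR installation is registered on this machine.'
}
else {
    foreach ($app in $found) {
        $parsed = $null
        # DisplayVersion can be missing or non-numeric (for example on beta builds);
        # report those as UNKNOWN instead of guessing.
        $ok = [version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)

        $status = if (-not $ok) { 'UNKNOWN - check manually' }
                  elseif ($parsed -lt $fixed) { 'VULNERABLE - update to 6.23' }
                  else { 'OK' }

        [pscustomobject]@{
            Name    = $app.DisplayName
            Version = $app.DisplayVersion
            Status  = $status
        }
    }
}
```

Copies of WinRAR that were unpacked by hand rather than installed do not appear in these registry keys and have to be checked separately.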

