WinRAR continues to be exploited by hackers to attack vulnerabilities

According to TechRadar , security concerns about the popular file compression software WinRAR were first raised in early 2022, when hackers exploited vulnerabilities in the software to attack end users.

Now, the situation is repeating itself as there are new reports that a hacker nicknamed APT29, also known as Cosy Bear/NOBELIUM, is exploiting the WinRAR vulnerability to attack government agencies.

As reported by Bleeping Computer , the National Defense and Security Council of Ukraine (NDSC) claims it has observed APT29 targeting government agencies with phishing emails with the vulnerability coded CVE-2023-38831.

CVE-2023-38831 is a vulnerability in the WinRAR file compression program, discovered in April this year. It allows hackers to create .RAR and .ZIP archives that can execute malicious code in the background, while the victim is paying attention to the shared contents inside the archive. The malware deployed by APT29 is capable of stealing information, grabbing passwords saved in browsers, confidential documents, system information, etc.

APT29 is reportedly targeting government organizations in Azerbaijan, Greece, Romania, and Italy. Victims will receive a fake email offering a BMW for sale, and while they are focused on viewing the image of the car, the malware will be silently installed.

The CVE-2023-38831 vulnerability affects WinRAR software versions older than 6.23. RAR Labs released a patch a few months ago, advising all users to install this version.