A rogue’s gallery of bad actors is exploiting that critical WinRAR flaw

by Dan Goodin, from Ars Technica
A critical vulnerability in the WinRAR file-compression utility is under active attack by a wide range of bad actors who are exploiting the code-execution flaw to install password stealers and other types of malicious software.

In one campaign, according to a report published by researchers from security firm FireEye, attackers are spreading files that purport to contain stolen data. One file, titled leaks copy.rar, contains email addresses and passwords that were supposedly compromised in a breach. Attackers claim another file, cc.rar, contains stolen credit card data. Other files have names including zabugor.rar, ZabugorV.rar, Combolist.rar, Nulled2019.rar, and IT.rar.

Hidden inside the files are payloads from a variety of different malware families. They include a keylogger known as QuasarRat and malware containing Chinese language text known as Buzy.
