/?pid=20683

Updated:05:04 AM EST Jan 22
this is ggmania.com subsite

NEWS
rss feed 
 
top 100
archive
ARTICLES
CD/DVD tools
Free Antivir
Security
Drivers
Utilities
FORUMS
LINKS


(C) 2006-2025 TechAmok Independent
All Rights Reserved.


 
 Critical WinRAR flaw exploited - TechAmok

Critical WinRAR flaw exploited - [security]
03:51 AM EDT - Mar,28 2019 - post a comment

In one campaign, according to a report published by researchers from security firm FireEye, attackers are spreading files that purport to contain stolen data. One file, titled leaks copy.rar, contains email addresses and passwords that were supposedly compromised in a breach. Attackers claim another file, cc.rar, contains stolen credit card data. Other files have names including zabugor.rar, ZabugorV.rar, Combolist.rar, Nulled2019.rar, and IT.rar.

Hidden inside the files are payloads from a variety of different malware families. They include a keylogger known as QuasarRat and malware containing Chinese language text known as Buzy.

The FireEye report identified three other campaigns, including:

  • One that impersonates an educational accreditation body that seems to use a PDF letter copied from the website of the Council on Social Work Education as a decoy. When extracted, the RAR file plants a Visual Basic script in the computer's startup folder. The script causes the computer to install a remote-access trojan called Netwire.
  • An attack targeting the Israeli military industry that uses decoy files related to SysAid, a helpdesk service based in Israel. A malicious payload, dubbed SappyCache, will decrypt a file stored in a temporary folder to obtain the address of a command and control channel. SappyCache will then attempt to download and install a second-stage malware file from the server. The server never responded during the FireEye analysis.
  • An attack potentially targeting a single person in Ukraine that uses a purported PDF message from the country's former President Viktor Yanukovych. The exploit drops a batch file into the startup folder that, when executed, installed a payload dubbed Empire.

FireEye isn't the only firm that's seeing such exploits. A separate report from security firm Symantec said that an espionage hacking outfit known both as Elfin and APT33 has been spotted exploiting the WinRAR vulnerability against a target in the chemical industry of Saudi Arabia.

Attackers sent a spear-phishing email to at least two employees in the targeted company. The email included a file dubbed JobDetails.rar. If extracted on a computer using a vulnerable version of WinRAR, the attack could install any file of the attackers' choice. Prior to the attack, Symantec updated its software to block exploits. The protection prevented the attack from working against the targeted company.



Add your comment (free registrationrequired)

Short overview of recent news articles

Jan,22 2026 Xbox Developer Direct Livestream 2026 | Fable, Forza Horizon 6,
Jan,22 2026 Iridium Begins Testing its own Satellite Service for Phones
Jan,22 2026 AMD Releases Adrenalin Edition 26.1.1 WHQL Drivers
Jan,18 2026 AI in 2050
Jan,17 2026 iOS 26.2 Fixes Major Security Flaws
Jan,17 2026 Google Links its AI to Your Gmail and Photos for "Personal
Jan,17 2026 Fastest Koenigsegg v Fastest Bugatti: DRAG RACE
Jan,17 2026 Creating a 48GB NVIDIA RTX 4090 GPU
Jan,14 2026 CES was frickin weird, guys
Jan,12 2026 Lee Cronin's The Mummy - Official Teaser Trailer (2026) Jack
Jan,12 2026 Ferrari SF90 XX v Xiaomi SU7 Ultra: DRAG RACE
Jan,10 2026 Welcome to the Wasteland - Fallout (American TV series) fan video
Jan,09 2026 GOOD LUCK, HAVE FUN, DON'T DIE Trailer 2 (2026) Sam Rockwell
Jan,07 2026 NVIDIA Releases GeForce 591.74 WHQL Drivers with DLSS 4.5 Support
Jan,07 2026 Predator: Badlands Exclusive Deleted Scene (2025)
Jan,06 2026 Greenland 2: Migration - Official Trailer 3 (2026) Gerard Butler,
Jan,05 2026 The Best Laptops of 2025 - For Gaming, Creators & Students!
Jan,05 2026 Punkt Updates its Privacy-Focused Smartphone
Jan,05 2026 Clicks Launches New Ways to Add a Physical Keyboard to Your Life
Jan,05 2026 Building a PC for the First Time
Jan,03 2026 Building a PC in 2026
Jan,02 2026 I want this phone so bad... - Samsung Galaxy Z TriFold
Jan,02 2026 The Real Finewine Strikes Again: Ryzen 5600X, 5700X & 5800XT Revisit
Jan,02 2026 Nokia N8 Symbian Re-Awakened With Passion
Jan,02 2026 Europe Forces Apple to Open up More of iOS
Jan,02 2026 Must have Privacy and Security Tweaks: 2026 Edition
Jan,01 2026 How Did RAM Get So Expensive?!
Dec,31 2025 GeForce RTX 5090 prices to soar to $5,000 as NVIDIA and AMD prep GPU
Dec,30 2025 Hacker arrested for KMSAuto malware campaign with 2.8 million
Dec,29 2025 Killer Whale - Official Trailer (2026) Virginia Gardner, Mel
Dec,28 2025 NVIDIA Showed Me Their Supercomputer
Dec,28 2025 2026 CPU Launches! AMD, Intel & NVIDIA: Buy Now or Wait?
Dec,27 2025 Disable this Windows Feature that Secretly Eats Up RAM!
Dec,27 2025 New Windows 11 vs Old Malware: Will it survive?
Dec,27 2025 Samsung TriFold Durability Test: We found the limit
Dec,26 2025 TRUST WALLET CONFIRMS SECURITY BREACH
Dec,26 2025 Xiaomi 17 Ultra Leads And Samsung To Follow With A 10 Percent Price
Dec,25 2025 Merry Christmas Gaming Insanity
Dec,24 2025 Battlefield 6 - Official PS5 Features Trailer
Dec,24 2025 NVIDIA GeForce Hotfix Driver 591.67 Released
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs