
Updated: 05:49 PM EST Feb 01


TechAmok (ggmania.com subsite)

Critical WinRAR flaw exploited - [security]
03:51 AM EDT - Mar 28, 2019

In one campaign, according to a report published by researchers from security firm FireEye, attackers are spreading files that purport to contain stolen data. One file, titled leaks copy.rar, contains email addresses and passwords that were supposedly compromised in a breach. Attackers claim another file, cc.rar, contains stolen credit card data. Other files have names including zabugor.rar, ZabugorV.rar, Combolist.rar, Nulled2019.rar, and IT.rar.

Hidden inside the files are payloads from a variety of different malware families. They include a keylogger known as QuasarRat and malware containing Chinese language text known as Buzy.

The FireEye report identified three other campaigns, including:

  • One that impersonates an educational accreditation body that seems to use a PDF letter copied from the website of the Council on Social Work Education as a decoy. When extracted, the RAR file plants a Visual Basic script in the computer's startup folder. The script causes the computer to install a remote-access trojan called Netwire.
  • An attack targeting the Israeli military industry that uses decoy files related to SysAid, a helpdesk service based in Israel. A malicious payload, dubbed SappyCache, will decrypt a file stored in a temporary folder to obtain the address of a command and control channel. SappyCache will then attempt to download and install a second-stage malware file from the server. The server never responded during the FireEye analysis.
  • An attack potentially targeting a single person in Ukraine that uses a purported PDF message from the country's former President Viktor Yanukovych. The exploit drops a batch file into the startup folder that, when executed, installs a payload dubbed Empire.

FireEye isn't the only firm that's seeing such exploits. A separate report from security firm Symantec said that an espionage hacking outfit known both as Elfin and APT33 has been spotted exploiting the WinRAR vulnerability against a target in the chemical industry of Saudi Arabia.

Attackers sent a spear-phishing email to at least two employees in the targeted company. The email included a file dubbed JobDetails.rar. If extracted on a computer using a vulnerable version of WinRAR, the attack could install any file of the attackers' choice. Prior to the attack, Symantec updated its software to block exploits. The protection prevented the attack from working against the targeted company.
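The campaigns above share one mechanism: the archive does not need to exploit the extractor's memory, it only needs an entry name that lands the dropped file in the user's Startup folder (or, as in the JobDetails.rar case, anywhere the attacker likes). The page does not spell out the bug; the example below takes it, from the public advisory for that WinRAR flaw, to be a path-traversal weakness in WinRAR's handling of the ACE archive format, where a crafted entry name steers the extracted file outside the chosen output directory. The Python below is an added example, not code from the page, from FireEye or from Symantec. It shows the vulnerable join-and-write pattern beside a hardened containment check, and a gateway-style triage that flags a .rar attachment whose bytes are really ACE and whose header carries traversal-shaped names. The function names, the destination folder, and both sample blobs (which model only the signature and one embedded entry name, and are not valid archives) are constructed for this example.

```python
"""Archive triage and safe path resolution for the campaigns described above.

Added example: this is not code from the page, from FireEye or from Symantec.
Assumption (also stated in the lead-in): the WinRAR bug these campaigns abuse is
a path-traversal weakness in WinRAR's ACE-format handling, so a crafted entry
name can steer the extracted file into a directory of the attacker's choosing,
such as the user's Startup folder.  All sample bytes and names are constructed.
"""
import ntpath
import os
import re
from typing import List, Optional

# Well-known container signatures: RAR v4 / v5 at offset 0, ACE "**ACE**" at offset 7.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
ACE_MAGIC = b"**ACE**"

STARTUP_RE = re.compile(r"start menu\\programs\\startup(?:\\|$)", re.IGNORECASE)
PRINTABLE_RUN_RE = re.compile(rb"[\x20-\x7e]{8,}")


def archive_kind(data: bytes) -> str:
    """Identify the container by its bytes, not by the extension the sender chose."""
    if data.startswith(RAR5_MAGIC) or data.startswith(RAR4_MAGIC):
        return "rar"
    if data[7:14] == ACE_MAGIC:
        return "ace"
    return "unknown"


def suspicious_entry_name(name: str) -> Optional[str]:
    """Return why an archive entry name is dangerous, or None if it looks benign."""
    name = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive:
        return "drive-qualified (absolute or UNC) name"
    if rest.startswith("\\"):
        return "rooted name (absolute on the current drive)"
    if any(part == ".." for part in rest.split("\\")):
        return "parent-directory traversal"
    if STARTUP_RE.search(rest):
        return "targets the Startup folder"
    return None


def naive_target(dest_dir: str, name: str) -> str:
    """The vulnerable pattern: join whatever name the archive supplies and write there."""
    return ntpath.normpath(ntpath.join(dest_dir, name.replace("/", "\\")))


def safe_target(dest_dir: str, name: str) -> Optional[str]:
    """Hardened form: refuse absolute names and anything that resolves outside dest_dir."""
    name = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return None
    base = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(base, rest))
    # Containment check after normalisation, so "..\" segments cannot escape.
    if ntpath.normcase(ntpath.commonpath([base, target])) != ntpath.normcase(base):
        return None
    if ntpath.normcase(target) == ntpath.normcase(base):
        return None  # the entry names the directory itself
    return target


def triage(file_name: str, data: bytes) -> List[str]:
    """Gateway-style checks on a received attachment; returns human-readable findings."""
    findings = []
    ext = os.path.splitext(file_name)[1].lower()
    if ext == ".rar" and archive_kind(data) == "ace":
        findings.append("content is ACE but the name says .rar")
    # Heuristic only: pull printable runs out of the header area and test them as
    # entry names.  A real scanner would parse the ACE file-header name field.
    for run in PRINTABLE_RUN_RE.findall(data):
        reason = suspicious_entry_name(run.decode("ascii"))
        if reason:
            findings.append(f"entry-like string {run.decode('ascii')!r}: {reason}")
    return findings


# Constructed stand-ins: only the signature and one embedded entry name are
# modelled; neither blob is a valid archive.
SAMPLE_ACE = (
    b"\x00" * 7 + ACE_MAGIC + b"\x00" * 8
    + b"..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.vbs"
    + b"\x00" * 4
)
SAMPLE_RAR = RAR5_MAGIC + b"\x00" * 8 + b"docs\\JobDetails.pdf" + b"\x00" * 4


if __name__ == "__main__":
    dest = r"C:\Users\victim\Downloads\leaks copy"
    for entry in (
        r"leaks copy\passwords.txt",
        r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs",
        r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs",
    ):
        print(f"{entry}\n  naive -> {naive_target(dest, entry)}\n  safe  -> {safe_target(dest, entry)}")
    for finding in triage("JobDetails.rar", SAMPLE_ACE):
        print("finding:", finding)
```

Run it and the naive join resolves the two traversal entries straight into the victim's Startup folder, which is exactly the persistence the Netwire and Empire campaigns relied on, while safe_target refuses both and accepts only the name that stays under the extraction directory. The triage half is what a mail gateway needs: it ignores the .rar extension, reads the signature, and reports the traversal-shaped name it finds, so a JobDetails.rar that is really an ACE file is stopped before any user extracts it.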

