|
|
Critical WinRAR flaw exploited - TechAmok
Critical WinRAR flaw exploited - [security]
03:51 AM EDT - Mar,28 2019 - post a comment In one campaign, according to a report published by researchers from security firm FireEye, attackers are spreading files that purport to contain stolen data. One file, titled leaks copy.rar, contains email addresses and passwords that were supposedly compromised in a breach. Attackers claim another file, cc.rar, contains stolen credit card data. Other files have names including zabugor.rar, ZabugorV.rar, Combolist.rar, Nulled2019.rar, and IT.rar.
Hidden inside the files are payloads from a variety of different malware families. They include a keylogger known as QuasarRat and malware containing Chinese language text known as Buzy.
The FireEye report identified three other campaigns, including:
- One that impersonates an educational accreditation body that seems to use a PDF letter copied from the website of the Council on Social Work Education as a decoy. When extracted, the RAR file plants a Visual Basic script in the computer's startup folder. The script causes the computer to install a remote-access trojan called Netwire.
- An attack targeting the Israeli military industry that uses decoy files related to SysAid, a helpdesk service based in Israel. A malicious payload, dubbed SappyCache, will decrypt a file stored in a temporary folder to obtain the address of a command and control channel. SappyCache will then attempt to download and install a second-stage malware file from the server. The server never responded during the FireEye analysis.
- An attack potentially targeting a single person in Ukraine that uses a purported PDF message from the country's former President Viktor Yanukovych. The exploit drops a batch file into the startup folder that, when executed, installed a payload dubbed Empire.
FireEye isn't the only firm that's seeing such exploits. A separate report from security firm Symantec said that an espionage hacking outfit known both as Elfin and APT33 has been spotted exploiting the WinRAR vulnerability against a target in the chemical industry of Saudi Arabia.
Attackers sent a spear-phishing email to at least two employees in the targeted company. The email included a file dubbed JobDetails.rar. If extracted on a computer using a vulnerable version of WinRAR, the attack could install any file of the attackers' choice. Prior to the attack, Symantec updated its software to block exploits. The protection prevented the attack from working against the targeted company. |
|
Short overview of recent news articles |
|
Stop Wasting Money on Premium Monitors (Nov,26 2025 ) The Blackest Friday - Tech News Nov 23 (Nov,23 2025 ) T-Roc: Will this new VW be the best car of 2026? (Nov,23 2025 ) Can I build my own Steam Machine? (Nov,23 2025 ) 50 NEXT-LEVEL Gadgets Every Man NEEDS to See (Nov,22 2025 ) RETURN TO SILENT HILL Trailer (2026) (Nov,22 2025 ) I was WRONG about the Porsche 911 GT3 (or was I?) (Nov,20 2025 ) Pi GPT Tool Turns Raspberry Pi into a ChatGPT-Powered Smart Device (Nov,20 2025 ) Rainbow Six Siege X - Official 'Team Rainbow's Last Mission' (Nov,17 2025 ) Stranger Things Seasons 1-4 Recap (Nov,17 2025 ) Kill Bill: The Whole Bloody Affair - Official Trailer (2025) Uma (Nov,16 2025 ) The Devil Wears Prada 2 - Official Teaser Trailer (2026) Meryl (Nov,15 2025 ) Valve’s New Console and Controller - STEAM Machine & STEAM (Nov,15 2025 ) Valve Steam Machine, Desktop SteamOS, Steam Frame VR, & Controller | (Nov,15 2025 ) Battlefield REDSEC - Official Live-Action Trailer (Nov,01 2025 ) What's the Best PC Upgrade (besides CPU/GPU)? (Nov,01 2025 ) Directive 8020 - RTX On Trailer (Oct,31 2025 ) Stranger Things 5 - Official Trailer (Oct,30 2025 ) AMD Releases Software Adrenalin Edition 25.10.2 WHQL Drivers (Oct,29 2025 ) Exploding AMD CPUs | Investigating ASRock's Murderboards (Oct,29 2025 ) Setting Up Our First Huge Gaming Event was CHAOS (Oct,29 2025 ) Malware of the Future: What an infected system looks like in 2025 (Oct,27 2025 ) F1: Race Highlights | 2025 Mexico City Grand Prix (Oct,27 2025 ) F1: Qualifying Highlights | 2025 Mexico City Grand Prix (Oct,26 2025 ) New Big Windows 11 25H2 October Update - New Taskbar Battery Icons (Oct,25 2025 ) Apple Prepping 'Transfer to Android' Feature, Including 3rd-Party (Oct,25 2025 ) HW News - RIP Internet, RAM Prices Skyrocket from AI Demand, Intel (Oct,24 2025 ) Retro Gaming PC Upgrades go WRONG! (Oct,21 2025 ) How social media has ruined us - the more time you spend online, the (Oct,21 2025 ) FERRARI 12 CILINDRI // 340KMH REVIEW on AUTOBAHN (Oct,20 2025 ) ROG Xbox Ally X - a PC Gamer's Perspective (Oct,20 2025 ) Race Highlights | 2025 United States Grand Prix (Oct,20 2025 ) RedMagic Puts Liquid Cooling in its New Gaming Phone (Oct,18 2025 ) Russia Says U.S. Is Planning a $37 Trillion Crypto Reset (Oct,18 2025 ) Tor Browser says no to Firefox's AI features as it removes them (Oct,18 2025 ) NVIDIA GeForce 581.57 WHQL Driver (Oct,14 2025 ) Samsung One UI 8.5 vs iOS 26 - COMPARISON (Oct,13 2025 ) Google Turned Down by Supreme Court, Must Open up App Payments (Oct,12 2025 ) AMD releases new 25.10.1 preview graphics driver with Battlefield 6 (Oct,10 2025 ) MERCY Official Trailer (2026) Chris Pratt (Oct,10 2025 ) Galaxy S26 Ultra - Samsung, Please Don't Copy This (Oct,07 2025 ) Canada's Las Vegas Sphere is here - and I game on it (Oct,06 2025 ) Predator: Badlands - Official Final Trailer (2025) (Oct,06 2025 ) Chasing a Gaming World Record (Oct,04 2025 ) Frankenstein - Official Trailer (2025) Guillermo del Toro, Oscar (Oct,02 2025 ) iPhone 17 Pro Max vs 16 Pro Max / Pixel 10 Pro XL / Galaxy S25 Ultra (Oct,02 2025 ) iOS 26.0.1 is Out! - What's New? (Sep,30 2025 ) NEW! 2026 Audi Q3 2.0 TFSI (265hp) vs. e-hybrid (272hp)| 0-100 km/h (Sep,30 2025 ) Samsung One UI 8.5 Hands on - I Was Wrong (Sep,29 2025 ) iPhone Air Teardown - What is 3D Printed Titanium? (Sep,28 2025 )
>> News Archive <<
| |
|
