Criminals use WinRAR vulnerability for theft of funds from broker accounts

Take action: If you haven't yet felt enough urgency to patch WinRAR, consider that an attacker could steal money from your bank account simply by sending you a malicious ZIP or RAR file.

Cybercriminals have already seized upon a zero-day vulnerability in WinRAR in a targeted campaign against brokerage traders to steal money.

The flaw enables hackers to embed harmful scripts within seemingly innocuous archive files, and those scripts are executed by the simple action of uncompressing the archive.

These archives, disseminated as malicious ZIP files on specialized brokerage trading forums, have been in use since April to compromise users' systems. Once activated, these malicious scripts enable unauthorized access to victims' brokerage accounts, facilitating unauthorized financial transactions and fund withdrawals.
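The article describes the lure as a "seemingly innocuous" archive that also carries a script. One defensive triage step is to inspect an archive's member list before anyone extracts it and flag any script or executable entries bundled alongside document-looking files. The Python below is an added example, not code from the article or from any tool it mentions; the extension lists are the author's own choices, and the sample archive is constructed in memory so nothing on disk is read.

```python
"""Triage a ZIP archive for script payloads bundled with documents.

Added example (not from the original article). The sample archive is
constructed below; no real file is read.
"""
import io
import posixpath
import zipfile

# Extensions the Windows shell or a script host would execute directly
# (assumed list; extend to match local policy).
SCRIPT_EXTENSIONS = {".cmd", ".bat", ".vbs", ".vbe", ".js", ".jse", ".wsf",
                     ".ps1", ".exe", ".scr", ".com", ".pif", ".hta", ".lnk", ".msi"}
# Extensions a "trading strategy" lure would typically advertise (assumed list).
DOCUMENT_EXTENSIONS = {".pdf", ".txt", ".jpg", ".jpeg", ".png", ".docx", ".xlsx", ".csv"}


def classify_member(name: str) -> str:
    """Return 'script', 'document' or 'other' for one archive entry name."""
    base = posixpath.basename(name.rstrip("/"))
    ext = posixpath.splitext(base)[1].lower()
    if ext in SCRIPT_EXTENSIONS:
        return "script"
    if ext in DOCUMENT_EXTENSIONS:
        return "document"
    return "other"


def triage_archive(data: bytes) -> dict:
    """Scan ZIP bytes (without extracting) and report script members and a verdict."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Only the central directory is read; nothing is written to disk.
        names = [info.filename for info in zf.infolist() if not info.is_dir()]
    scripts = [n for n in names if classify_member(n) == "script"]
    documents = [n for n in names if classify_member(n) == "document"]
    if scripts and documents:
        verdict = "suspicious: scripts bundled with documents"
    elif scripts:
        verdict = "review: archive contains executable content"
    else:
        verdict = "no script members"
    return {"members": names, "scripts": scripts,
            "documents": documents, "verdict": verdict}


def build_sample_archive() -> bytes:
    """Constructed sample: a 'strategy' lure holding an image, a note and a .cmd file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("trading_strategy/chart.jpg", b"\xff\xd8\xff placeholder bytes")
        zf.writestr("trading_strategy/notes.txt", "constructed sample, not real content")
        zf.writestr("trading_strategy/setup.cmd", "@echo constructed placeholder\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_archive(build_sample_archive())
    for member in report["members"]:
        print(f"{classify_member(member):9s} {member}")
    print(report["verdict"])
```

Because the check only reads the archive's central directory, it is safe to run as a mail-gateway or download-folder pre-filter; archives that trip the "suspicious" verdict can be quarantined for analyst review rather than opened by the recipient.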

While 130 traders' devices were identified as infected, the precise financial losses remain unknown. The perpetrators behind this exploit remain unidentified, but they have been observed using the DarkMe trojan, which is associated with the "Evilnum" threat group that targets financial organizations and trading platforms.