Product and Affected Versions: WinRAR compression software, versions prior to 6.23.
Severity and CVE ID: CVE-2023-38831
Vulnerability: CVE-2023-38831 allows attackers to execute arbitrary code when a user attempts to view a benign-looking file inside a ZIP archive using WinRAR.
How the Attack Works: **The attackers use malicious archive files that exploit this vulnerability.** These archives contain a booby-trapped PDF file; when the victim clicks it, a Windows Batch script is executed instead. The script launches PowerShell commands that open a reverse shell, giving the attacker remote access to the compromised host. A further PowerShell script is then deployed to steal data, including login credentials, from the Google Chrome and Microsoft Edge browsers. The stolen information is exfiltrated via a legitimate web service, “webhook[.]site”.
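As an added, defender-side example (not code from the Cluster25 report or from WinRAR), the Python check below triages a ZIP for the archive layout this CVE relies on: a decoy file whose name differs from a sibling directory only by trailing whitespace, with a script inside that directory. The entry names (`Report.pdf `) and the two sample archives are constructed in memory with inert contents.

```python
import io
import os
import zipfile

# Extensions Windows executes via ShellExecute; a file like this inside the
# twin folder is the payload WinRAR ends up launching.
EXECUTABLE_EXTS = {".cmd", ".bat", ".exe", ".com", ".vbs", ".js", ".ps1", ".scr"}


def find_decoy_collisions(zip_bytes: bytes) -> list[dict]:
    """Flag top-level file entries whose name, with trailing spaces trimmed,
    equals a directory name. CVE-2023-38831 lures pair a decoy 'Report.pdf '
    (trailing space) with a folder 'Report.pdf /' holding a script."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    files = [n for n in names if not n.endswith("/")]
    # Directories may be explicit entries or only implied by nested paths.
    dirs = {n.rstrip("/") for n in names if n.endswith("/")}
    dirs.update(n.rsplit("/", 1)[0] for n in files if "/" in n)
    findings = []
    for decoy in files:
        if "/" in decoy:
            continue  # the decoy the victim double-clicks is at the top level
        for d in dirs:
            if d.rstrip() != decoy.rstrip():
                continue
            payloads = [f for f in files if f.startswith(d + "/")
                        and os.path.splitext(f.rstrip().lower())[1] in EXECUTABLE_EXTS]
            findings.append({"decoy": decoy, "directory": d, "payloads": payloads,
                             "trailing_space": decoy != decoy.rstrip()})
    return findings


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {name: content}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample mirroring the lure layout; the "script" is inert text.
LURE_ZIP = build_zip({
    "Report.pdf ": b"%PDF-1.4 decoy",
    "Report.pdf /Report.pdf .cmd": b"rem inert placeholder",
})
# Constructed benign archive with an ordinary PDF and a subfolder.
BENIGN_ZIP = build_zip({"Report.pdf": b"%PDF-1.4 real", "img/logo.png": b"\x89PNG"})
```

Run it over archives at the mail gateway or on a quarantine host; any non-empty result is worth a manual look even when the payload list is empty.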
Remediations: Update WinRAR to a version beyond 6.23 to patch the vulnerability. Exercise caution when opening archive files from untrusted or unknown sources. Keep security software up to date and follow cybersecurity best practices.
Reference: The information is based on a report published by Cluster25.