
Beware of what you download! A malicious actor has attempted to disguise malware as a proof of concept exploit for the recently released WinRAR vulnerability.

WinRAR was recently discovered to suffer from an improper validation issue which can be exploited to achieve remote code execution on the victim’s machine. Four days after the flaw was announced, the threat actor released the malicious fake proof of concept exploit on GitHub. Unfortunately for those who downloaded the script, the proof of concept is fake and does not exploit the WinRAR vulnerability at all; the code looked like a modification of a proof of concept exploit written for a different software application. However, when the script is executed, it attempts to install malware and creates a scheduled task to run that malware every three minutes. The malware has keylogging, data stealing and remote code execution capabilities. There has been a rise in fake proof of concept exploits that target security researchers and other cyber criminals. This fake proof of concept has since been reported and the attack is no longer active.
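The persistence detail above (a scheduled task that re-runs the payload every three minutes) is something a defender can hunt for. The following is an added example, not code from the segment or from the malware: it inspects a Windows Task Scheduler task definition (the XML that Security event 4698, "A scheduled task was created", carries in its TaskContent field) and flags any trigger whose repetition interval is suspiciously short. The sample task XML, its command path and the 300-second threshold are constructed for the example.

```python
"""Flag scheduled tasks whose repetition interval is suspiciously short."""
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

def iso_duration_seconds(value: str) -> int:
    """Convert an ISO 8601 duration such as PT3M or P1DT2H into seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value)
    if not m:
        raise ValueError(f"unsupported duration: {value}")
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def short_interval_tasks(task_xml: str, max_seconds: int = 300) -> list[dict]:
    """Return one record per trigger whose Repetition/Interval is <= max_seconds,
    together with the Exec actions the task would run at that cadence."""
    root = ET.fromstring(task_xml)
    commands = [
        (e.findtext("t:Command", default="", namespaces=NS) + " " +
         e.findtext("t:Arguments", default="", namespaces=NS)).strip()
        for e in root.findall(".//t:Actions/t:Exec", NS)
    ]
    hits = []
    for interval in root.findall(".//t:Triggers//t:Repetition/t:Interval", NS):
        secs = iso_duration_seconds(interval.text.strip())
        if secs <= max_seconds:
            hits.append({"interval_seconds": secs, "commands": commands})
    return hits

# Constructed sample resembling the persistence described in the segment:
# a task that re-runs a dropped executable (placeholder path) every three minutes.
SAMPLE_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT3M</Interval><StopAtDurationEnd>false</StopAtDurationEnd></Repetition>
      <StartBoundary>2023-08-21T00:00:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\\Users\\Public\\payload_placeholder.exe</Command><Arguments>/silent</Arguments></Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    for hit in short_interval_tasks(SAMPLE_TASK):
        print(f"short repeat interval ({hit['interval_seconds']}s): {hit['commands']}")
```

Feeding it the TaskContent of every 4698 event from a log export turns this into a simple hunt for short-cadence persistence; legitimate tasks with sub-five-minute repetition exist, so treat hits as leads to review rather than verdicts.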

This segment was created for the It’s 5:05 podcast