
VenomRAT malware spread via fake WinRAR PoC

A dangerous fake exploit for a WinRAR RCE vulnerability is being used to spread VenomRAT malware

A threat actor has released a fake PoC for a WinRAR vulnerability, spreading VenomRAT malware via GitHub. Attacks of this type are common and target researchers analyzing vulnerabilities.

An unknown threat actor has released a fake proof of concept (PoC) to exploit the recently patched CVE-2023-4047 Remote Code Execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware.

The fake WinRAR PoC

On August 17, 2023, Trend Micro's Zero Day Initiative reported an RCE vulnerability (CVE-2023-4047) that allowed threat actors to execute arbitrary code on an affected WinRAR installation.

The GitHub repository and the spread of malware

The attacker (“whalersplonk”) took the opportunity to release a fake PoC on GitHub just four days after the vulnerability was publicly announced.

Malware spreads through PoCs

This is not the first time malware spreaders have used this technique; threat actors often target researchers who look for public PoCs to help them analyze and understand vulnerabilities.


09/21/2023 11:08

Marco Verro
