iTnews Asia
  • Home
  • News
  • Security

Google researchers spot WinRAR exploits in the wild

Google researchers spot WinRAR exploits in the wild

Russian, Chinese actors using patched vulnerability.

By Richard Chirgwin on Oct 19, 2023 12:20PM

A vulnerability in the popular WinRAR archiving utility is being exploited by state actors, despite of being patched in August.

According to Google’s Threat Analysis Group (TAG), the exploits began early this year, before the bug was publicly known.

“A patch is now available, but many users still seem to be vulnerable,” Google TAG’s advisory states. 

“TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.”

The bug is a logical vulnerability “causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows’ ShellExecute when attempting to open a file with an extension containing spaces,” TAG explains. 

“The vulnerability allows attackers to execute arbitrary code when a user attempts to view a benign file (such as an ordinary PNG file) within a ZIP archive.”

Google said Group-IB had seen exploits deployed since April against financial traders.

Campaigns seen by Google TAG include Russia’s Sandworm group impersonating a Ukrainian drone training school to deliver an information stealer; a campaign by Frozenlake (AKA APT28), a Russian-attributed group, attacking Ukrainian infrastructure; another from Frozenlake deploying a malicious PowerShell script known as Ironjaw to create a reverse SSH shell controlled by the attacker; and an apparently Chinese-sourced attack against targets in Papua New Guinea.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
google russia security threat anlysis group ukraine winrar

Related Articles

  • How can the Agentic AI workspace remain secure for APAC organisations?
  • AI-fuelled attacks forcing enterprises to rethink security architecture
  • Malicious AI agents can severely disrupt APAC enterprises
  • A data-first AI strategy is critical to managing security threats in 2026
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

How can the Agentic AI workspace remain secure for APAC organisations?

How can the Agentic AI workspace remain secure for APAC organisations?

AI-fuelled attacks forcing enterprises to rethink security architecture

AI-fuelled attacks forcing enterprises to rethink security architecture

Malicious AI agents can severely disrupt APAC enterprises

Malicious AI agents can severely disrupt APAC enterprises

How severe will ransomware attacks become in 2026?

How severe will ransomware attacks become in 2026?

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.