Google reports that state-linked actors from Russia and China have recently launched attack campaigns exploiting a WinRAR vulnerability that was patched in August (WinRAR 6.23). Users who have not updated the popular file archiving program since then remain exposed.
Two separate WinRAR flaws were fixed in that release, and they are easily conflated. The Zero Day Initiative reported one in June (CVE-2023-40477): a buffer overflow caused by insufficiently validated data in the processing of recovery volumes, which could let a crafted archive corrupt memory and execute code. The bug now being exploited in the wild is a different one (CVE-2023-38831), a logic flaw in how WinRAR handles ZIP archives in which a file and a folder share the same name. An attack is triggered when a user double-clicks an archive to open it in WinRAR and then double-clicks a harmless-looking file inside it without extracting the archive: WinRAR also extracts the contents of the same-named folder and launches the script it contains. Security company Group-IB, which found the flaw, states that cybercriminals have been exploiting it against the financial sector since at least April.
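The practical check a defender wants here is to spot the archive layout that makes the double-click trick work before a user opens it: a top-level file whose name (typically ending in a space) matches the name of a folder in the same ZIP, with a script inside that folder. The scanner below is an added example written for this article; it is not WinRAR's code nor tooling from Google or Group-IB. It assumes the publicly described lure layout (lure file plus same-named folder holding a `.cmd` or similar script), the list of script extensions is the author's own choice, and the sample archives it builds are constructed, inert stand-ins rather than real malware.

```python
"""Flag ZIP archives where a top-level file shares its name with a folder.

Added example for this article, not WinRAR's code or any vendor's tooling.
Assumes the lure layout publicly described for the WinRAR ZIP bug: a
decoy file (e.g. "Invoice.pdf ") beside a same-named folder holding a script.
"""
import io
import posixpath
import zipfile

# Extensions Windows would run if the folder's contents were launched.
# This list is an assumption for the example, not an exhaustive catalogue.
SCRIPT_EXTENSIONS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".lnk", ".scr", ".com"}


def _norm(name: str) -> str:
    # Lure names carry a trailing space; compare on the trimmed, lowercased form.
    return name.rstrip().lower()


def scan_zip_for_name_collisions(data: bytes) -> list[dict]:
    """Return one finding per top-level file whose name matches a folder name."""
    files: dict[str, str] = {}          # normalised name -> raw top-level file name
    folders: dict[str, list[str]] = {}  # normalised folder name -> member names
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = info.filename.split("/")
            if len(parts) == 1:          # no slash: a top-level file entry
                files[_norm(parts[0])] = info.filename
                continue
            members = folders.setdefault(_norm(parts[0]), [])
            if parts[-1]:                # skip the bare "folder/" entry itself
                members.append(info.filename)

    findings = []
    for key in files.keys() & folders.keys():
        members = folders[key]
        executables = [
            m for m in members
            if posixpath.splitext(m)[1].lower() in SCRIPT_EXTENSIONS
        ]
        findings.append({
            "file": files[key],
            "folder_members": members,
            "executable_members": executables,
            "trailing_whitespace": files[key] != files[key].rstrip(),
        })
    return findings


def build_sample_archive(malicious: bool) -> bytes:
    """Constructed sample archives (not real malware) used to exercise the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if malicious:
            # Decoy "PDF" with a trailing space, plus a same-named folder holding
            # a script. Both bodies are inert placeholders constructed for the test.
            zf.writestr("Invoice.pdf ", "%PDF-1.4 constructed decoy, not a real document")
            zf.writestr("Invoice.pdf /Invoice.pdf .cmd",
                        "@echo constructed sample, does nothing\r\n")
        else:
            # Ordinary archive, including a near miss ("docs.txt" vs folder "docs").
            zf.writestr("report.pdf", "%PDF-1.4 constructed benign sample")
            zf.writestr("docs.txt", "constructed notes")
            zf.writestr("docs/readme.md", "constructed readme")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("suspicious", True), ("benign", False)):
        print(label, scan_zip_for_name_collisions(build_sample_archive(flag)))
```

Run it against an archive read from disk by passing the file's bytes to `scan_zip_for_name_collisions`; a non-empty result with `executable_members` populated is the pattern to quarantine. The match is done on trimmed names so that a trailing space, which is what makes the decoy and the folder look identical in WinRAR's listing, does not hide the collision.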