Crypto investors have lost billions of dollars due to protocol hacks. Now they are being targeted through a new vulnerability that could result in significant losses. There is a way to prevent this. Let’s discuss the details of the recent vulnerability and the necessary precautions.
WinRAR Security Vulnerability
The WinRAR Remote Code Execution Security Vulnerability (CVE-2023-40477) is particularly dangerous for crypto investors. An attacker can exploit this vulnerability to remotely execute code by convincing the target to visit a malicious webpage or simply to open a malicious file.
WinRAR has disclosed a high-severity security vulnerability that threat actors could exploit to achieve remote code execution on Windows systems.
According to the Zero Day Initiative (ZDI), the issue is caused by the failure to properly validate user-supplied data, which can lead to memory access after the end of an allocated buffer. An attacker can exploit this security vulnerability to execute code within the current process context.
Successful exploitation of the vulnerability requires user interaction, such as visiting a malicious page or opening a rigged archive file.
Warning for Crypto Investors
We advise you to avoid downloading files from unknown sources on the computers where you use your crypto wallets and exchange accounts. If you download files from unreliable sources, you can easily fall victim to 0day vulnerabilities in WinRAR, even if you use paid antivirus software. 0day vulnerabilities are exploited by a small number of attackers while the system or program administrators have not yet patched them.
This latest vulnerability, known as Goodbyeselene, was discovered and reported by a security researcher on June 8, 2023. However, it is difficult to determine how long it has been active. Interestingly, even if you use paid antivirus software, an attacker exploiting this vulnerability can easily hack you through the following steps:
- The attacker lures you into downloading a RAR file in some way.
- When you open the RAR file, the attacker remotely executes the actual backdoor.
- Everything you do on your computer, including images from your camera, is reported to the attacker through a RAT (Remote Access Trojan) or keylogger-like application.
- Your saved passwords and wallet information become accessible to the attacker.
- If the attacker runs a RAT (a popular Trojan from the past), they can remotely control everything you do on your computer.
So what should crypto investors in particular do? The issue was addressed in WinRAR version 6.23, released on August 2, 2023. Therefore, the first thing you should do is update your installation from the official website. To avoid being affected by 0day vulnerabilities, do not download files from unreliable sources. Additionally, paid antivirus programs that offer web security layers will protect you from most attack methods (except for FUD (fully undetectable) viruses and 0days).
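To check whether a Windows machine still runs a WinRAR release older than the fixed 6.23, the following PowerShell script lists installed copies and flags the outdated ones. It is an added example, not taken from the original article or from WinRAR; the function names are hypothetical, and it assumes the installer registered an uninstall entry whose DisplayName begins with "WinRAR".

```powershell
# Added example: flag WinRAR installs older than the fixed release named above (6.23).
$FixedVersion = [version]'6.23'

# Standard per-machine (64-bit and 32-bit view) and per-user uninstall locations.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-WinRarPatched {
    param([string]$DisplayVersion)
    # Keep only the leading dotted number; any trailing label is ignored.
    if ($DisplayVersion -match '^\d+(\.\d+){1,3}') {
        return ([version]$Matches[0]) -ge $FixedVersion
    }
    return $null   # empty or unexpected format: needs a manual look
}

function Get-WinRarInstall {
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |   # assumed name prefix
        ForEach-Object {
            $patched = Test-WinRarPatched -DisplayVersion ([string]$_.DisplayVersion)
            $status = if ($null -eq $patched) {
                'UNKNOWN: check manually'
            } elseif ($patched) {
                'OK'
            } else {
                'OUTDATED: update to 6.23 or later'
            }
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = $status
                Key     = $_.PSChildName
            }
        }
}

$found = @(Get-WinRarInstall)
if ($found.Count -eq 0) {
    Write-Output 'No registered WinRAR installation found.'
} else {
    $found | Format-Table -AutoSize
}
```

Copies of WinRAR that were unpacked without the installer do not appear in these registry locations and have to be checked separately.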