WinRAR Zero-Day Vulnerability Allowed Hackers to Breach Crypto and Stock Trading Accounts

Developers of the file compression software WinRAR have fixed a zero-day vulnerability that was being exploited by hackers to install malware on unsuspecting victims' computers. The vulnerability allowed hackers to breach online crypto and stock trading accounts. The exploit was used for approximately four months, during which time malicious RAR and ZIP archives were distributed on trading forums, infecting at least 130 devices.

The malware allowed threat actors to withdraw money from broker accounts and was patched in WinRAR version 6.23, released on Aug. 2, after being reported by Singapore-based cybersecurity firm Group-IB.

Cybersecurity

Comments

All Comments

Recommended for you

Mint Blockchain ·

One Month of MintSwap Mining: A Celebration of Growth and Community

we’ve witnessed remarkable achievements and a surge in community engagement.
He Yi: Telegram accounts have been maliciously reported and banned. Users should be wary of scams impersonating related accounts

Binance co-founder He Yi posted on social media that "my Telegram account has been maliciously reported and banned. If someone claims to be Yi on Telegram, it is a scam."
The Hong Kong Monetary Authority calls on citizens to be vigilant about the use of "banking" behavior by overseas crypto asset institutions that are not licensed banks in Hong Kong

Hong Kong Monetary Authority has called on citizens to be vigilant and careful of certain offshore encrypted asset institutions that are not licensed banks in Hong Kong. They claim to be "banks" in Hong Kong or use the word "bank" when describing their products or services. These actions may have violated the "Banking Ordinance".
SlowMist: Suspicious activity related to vETH detected, users remain vigilant

blockchain security company SlowMist has issued a security alert, stating that suspicious activity related to vETH tokens has been detected. SlowMist reminds users to remain vigilant and pay attention to asset security. According to Cyvers Alerts analysis, hackers caused approximately $440,000 in losses through price manipulation. The attacker first obtained funds through Tornado Cash on the BNB Chain and then crossed the chain to Ethereum through Bridgers.
ZachXBT: Crypto exchange M2 was hacked yesterday and about $13 million was stolen

On November 1st, according to online detective ZachXBT on his personal channel, the cryptocurrency trading platform M2 was hacked yesterday, and approximately $13 million was stolen from multiple hot wallets.
SlowMist: The theft of 1.67 million EIGEN tokens originated from an external malicious attack

SlowMist announced in a post that it was commissioned to investigate independently the recent theft of 1.67 million EIGEN tokens. After a thorough investigation, SlowMist concluded that the incident was caused by an external malicious attack: an investor of Eigen Labs became a victim of a phishing attack, which led to the intrusion of an employee's email account. This allowed the attacker to access the email thread between the investor, Eigen Labs, and the custodian, where they discussed transferring EIGEN tokens to the custodian, who would hold the tokens on behalf of the investor.
Tapioca DAO suspected of security attack

According to Aggr News, Tapioca DAO, a full-chain currency market based on LayerZero, may have been subject to a security breach. The specific details are currently unclear, and users should remain vigilant and avoid interacting with unknown links or suspicious activities.
EigenLayer X account suspected to be hacked, posting fraudulent links

EigenLayer X account is suspected to have been hacked, and a tweet was posted about the re-allocation of the remaining EIGEN tokens for the 2nd season Stakedrop, which includes a fraudulent link. Users should be cautious when interacting with it.
The front-end of DEX Ambient on the Scroll chain is suspected to have been hacked

According to an announcement on the Ambient Finance Discord channel, the Scroll DEX protocol on the blockchain was suspected to have been hacked. Users are advised not to sign transactions and to avoid interacting with the dApp.
SlowMist: About 55 million DAI that were stolen were sent to different addresses and most of them were converted into ETH

On August 22nd, according to SlowMist monitoring, approximately 55 million DAI stolen from a user in a previous phishing attack was sent to different addresses, but some were collected again at address 0x8cc568f3565a7ed44b3b0af8765a7ef67b8bc2dc. Most of it was later exchanged for ETH.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

March 27 - March 27

Seoul

Recently Searched

Hot Coins

Trending

Daily Must-Read

Welcome Back

Join CoinTime

Sign in with email

Sign up with email

Check your inbox

WinRAR Zero-Day Vulnerability Allowed Hackers to Breach Crypto and Stock Trading Accounts

All Comments

Recommended for you

One Month of MintSwap Mining: A Celebration of Growth and Community

He Yi: Telegram accounts have been maliciously reported and banned. Users should be wary of scams impersonating related accounts

The Hong Kong Monetary Authority calls on citizens to be vigilant about the use of "banking" behavior by overseas crypto asset institutions that are not licensed banks in Hong Kong

SlowMist: Suspicious activity related to vETH detected, users remain vigilant

ZachXBT: Crypto exchange M2 was hacked yesterday and about $13 million was stolen

SlowMist: The theft of 1.67 million EIGEN tokens originated from an external malicious attack

Tapioca DAO suspected of security attack

EigenLayer X account suspected to be hacked, posting fraudulent links

The front-end of DEX Ambient on the Scroll chain is suspected to have been hacked

SlowMist: About 55 million DAI that were stolen were sent to different addresses and most of them were converted into ETH

Daily Must-Read

Uniswap Labs, UNI holders could make $468M a year from new L2: DeFi Report

Avalanche Foundation to buy back nearly 2M AVAX sold to Terra in 2022

Gold Fever Hits Costco: 77% of Stores Sell Out Amid Soaring Demand for Bullion

$500M Bitcoin Buried in Landfill: Man Sues City After Decade-Long Battle for Recovery

Former BAYC creative director Jeff Nicholas joins Meta’s Reality Labs

Why is Solana's Dogwifhat (WIF) memecoin crashing?

Popular Activities

Delysium $AGI & AI Private Yacht Party

Popular Tags

Share