The National Telecommunication and Information Security Board (NTISB) has released a cybersecurity alert called “WinRAR Critical Vulnerability Exploited Through Phishing Emails.”
According to the advisory, hackers send phishing emails carrying custom-made attachments and password-protected WinRAR zip files.
When these files are opened, malicious software is triggered to run automatically. This happens because of a security hole in WinRAR, known as the WinRAR remote code execution vulnerability (CVE-2023-40477), which the attackers exploit on the victim’s computer.
According to the advisory, hackers can exploit vulnerabilities in WinRAR to gain complete control over users’ computers. They can steal personal files, block users’ access, and encrypt sensitive data. Expected consequences of these hacking attacks include ransomware, data theft, and data deletion.
The advisory recommends that users exercise caution and avoid opening or downloading any suspicious email attachments, particularly those in password-protected WinRAR or WinZip files. It also advises WinRAR users to update to the latest version, 6.23 or higher, to mitigate such threats.
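To check a Windows machine against the 6.23 minimum named in the advisory, the following PowerShell lists installed WinRAR entries and flags older ones. It is an added example, not part of the NTISB advisory, and it assumes WinRAR registers itself under the standard Uninstall registry keys with a DisplayName beginning with "WinRAR" and a DisplayVersion such as "6.23.0".

```powershell
# Added example: report installed WinRAR versions and flag those below 6.23.
# Assumption: WinRAR appears under the standard Uninstall keys with a
# DisplayName starting with "WinRAR" and a DisplayVersion like "6.23.0".
$minimum = [version]'6.23'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every uninstall entry whose display name identifies WinRAR.
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' }

if (-not $found) {
    Write-Output 'No WinRAR installation found in the Uninstall registry keys.'
}
else {
    foreach ($entry in $found) {
        # Keep only the leading numeric part, so "6.22 beta 1" compares as 6.22.
        # Entries with a missing or unparseable version are reported, not skipped.
        $parsed = $null
        $status = 'UNKNOWN VERSION, check manually'
        if ($entry.DisplayVersion -match '^\d+(\.\d+){1,3}' -and
            [version]::TryParse($Matches[0], [ref]$parsed)) {
            $status = if ($parsed -ge $minimum) { 'OK' } else { 'UPDATE REQUIRED' }
        }
        [pscustomobject]@{
            Name    = $entry.DisplayName
            Version = $entry.DisplayVersion
            Status  = $status
        }
    }
}
```

Portable copies of WinRAR that were never installed do not appear in these keys, so an empty result does not prove the program is absent from the disk.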
The NTISB has shared this advisory with federal and provincial governments, urging them to disseminate it to their respective departments.
The NTISB has advised users to avoid downloading password-protected WinRAR files from untrusted sources. If you need to download a password-protected WinRAR file, make sure that you trust the file’s source and know the correct password.
Here are some tips to stay safe from password-protected WinRAR malware attacks:
- Only download password-protected WinRAR files from trusted sources.
- Do not download the file if you are unsure whether a source is trusted.
- If you need to download a password-protected WinRAR file, ensure you know the correct password.
- Do not download the file if you do not know the correct password.
- Keep your antivirus software up to date and scan all downloaded files for malware before opening them.
If you think you may have downloaded a password-protected WinRAR file containing malware, immediately disconnect your computer from the internet and run a full system scan with your antivirus software.