This is a fake proof of concept, created purely as a scam. Its authors have taken advantage of the latest bug affecting WinRAR to publish a supposed exploit that claims to check whether your copy of the program is vulnerable. The problem is that what you are actually downloading is the VenomRAT malware.
Fake WinRAR exploit
A group of security researchers from Unit 42, Palo Alto Networks' threat intelligence team, has reported how an attacker uploaded malicious code to GitHub disguised as an exploit, or proof of concept, for the vulnerability registered as CVE-2023-40477. That vulnerability allows arbitrary code to be executed when a crafted RAR archive is opened.
The vulnerability has already been fixed, but only users running the latest version of WinRAR are protected. A genuine proof of concept could help a user who has not updated confirm that they are affected. In reality, however, this is a scam, and this proof of concept does nothing to improve security.
The attacker included a description of the file as well as a video explaining the supposed threat. If the victim runs the fake exploit, it creates a PowerShell script and executes it. That script is responsible for downloading the VenomRAT malware. VenomRAT acts as a keylogger, recording keystrokes and storing them in a text file, which allows the attackers to steal passwords and personal data.
The malware then establishes communication with a server controlled by the attackers. Through this channel it exchanges information and sends everything it has previously stolen. As you can see, this is a serious problem, since it exposes passwords and information of all kinds.
How to protect yourself
If you have run this fake WinRAR exploit, the first thing you should do, without a doubt, is change your passwords. Your accounts may have been exposed, so it is advisable to act preventively and check that everything is in order. As always, we also recommend enabling two-step authentication to reduce the risk.
Beyond this recommendation, it is also essential to avoid using unofficial programs and to keep everything fully updated. In this case, make sure you have the latest version of WinRAR installed, and avoid running exploits of this type unless you are completely certain that they come from a reliable source.
It is also important to always have a good antivirus. This type of security program will help you detect threats that arrive in the form of malware, keyloggers like the one delivered by this fake WinRAR exploit being a clear example. Of course, it is key to choose a reputable, trustworthy product.
As you can see, WinRAR is once again in the cybersecurity spotlight. In this case, the problem is a malicious fake exploit that you should avoid running. There are always risks when downloading files from the Internet, and also when using programs that are not trustworthy.