
A threat actor with possible connections to Russia’s financially motivated Evilnum group is targeting users in online cryptocurrency trading forums via a now-patched bug in the popular WinRAR file compression and archiving utility.
The bug, tracked as CVE-2023-38831, allowed the attackers to hide malicious code in zip archives masquerading as “.jpg,” “.txt,” and other file formats, and then distribute them in online cryptocurrency trading forums.