Fake WinRAR PoC Exploit Conceals VenomRAT Malware
A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.
September 20, 2023

In a new twist on the cybercrime penchant for trojanizing things, a threat actor recently pounced upon a "hot" vulnerability disclosure to create a fake proof of concept (PoC) exploit that concealed the VenomRAT malware.
According to research from Palo Alto Networks, the cyberattacker, who goes by "whalersplonk," took advantage of a very real remote code execution (RCE) security bug in WinRAR (CVE-2023-40477) that was made public on Aug. 17. The attacker quickly pulled together a convincing but fake PoC for the bug, which it pushed out to a GitHub repository the same week knowing that the flaw would attract attention — WinRAR, after all, has more than 500 million users worldwide.
The PoC was believable because it was based on a publicly available PoC script for a SQL injection vulnerability in an application called GeoServer, according to the researchers. In reality, once opened, it kicked off an infection chain that ended with the VenomRAT payload being installed on victim computers. VenomRAT appeared for sale in Dark Web forums over the summer, loaded with spyware and persistence capabilities.
While this sort of gambit would at first appear to be part of the tried-and-true tradition of targeting security researchers with espionage tools, Palo Alto researchers think it was actually more of a lark for the perpetrator.
"It is likely [that] the actors are opportunistic and looking to compromise other miscreants trying to adopt new vulnerabilities into their operations," according to the firm's research, issued Sept. 19. "The actors acted quickly to capitalize on the severity of an RCE in a popular application."