Even I had read somewhere about the vulnerability in WinRar but didn't know it had this much impact.
It's good that the fix was available soon. I still have WinRar on my personal laptop but I use 7zip on my office laptop.
I like 7zip more than WinRar. It's always a best practice to download softwares from official sources and keep them always up to date.
Topic: A must read if you are running Crypto wallet on PC (Read 365 times)
Here’s an example post on a well know bitcoin forum. It may actually look quite familiar …:
[image]
[image]
Oh god, I remember this. It's quite sad that some people took the bait when a lot of members [on the mentioned topic] have already warned others not to download the file since OP there was being suspicious -- there is no need to place them in a rar file + newbie
Like I used to use WinRar since I first owned a PC and didn't even have the intention to replace WinRar.
But seeing that Winrar is quite vulnerable like that, then 7zip is a good choice for me to switch from Winrar. Of course there will be a few more vulnerabilities, rather than risk it is better to use one that has been proven safe.
But seeing that Winrar is quite vulnerable like that, then 7zip is a good choice for me to switch from Winrar. Of course there will be a few more vulnerabilities, rather than risk it is better to use one that has been proven safe.
It's not the first time as well, see: Hackers Exploit 19-Year-Old WinRAR Vulnerability
However, if someone likes to download random files on the same device they do important stuff, I'm afraid it defeats the purpose of switching.
Some people still run free version of AntiVirus on their PCs today, and some are using a crack version of software, thinking they are smart, funny thing is cracking tools have their flaws too.
Most cracked software are available through torrent downloading websites and they always have outdated software cracked, this is also part of the problem.
Say No To the Following on PC.
1. Downloading anything from torrent links.
2. Using cracked software on PC
3. Running cracked games on PC.
4. Using an outdated Antivirus Software.
5. Visiting every websites especially those will hundreds of Ads.
Here’s an example post on a well know bitcoin forum. It may actually look quite familiar …:
[image]
[image]
Oh god, I remember this. It's quite sad that some people took the bait when a lot of members [on the mentioned topic] have already warned others not to download the file since OP there was being suspicious -- there is no need to place them in a rar file + newbie
Like I used to use WinRar since I first owned a PC and didn't even have the intention to replace WinRar.
But seeing that Winrar is quite vulnerable like that, then 7zip is a good choice for me to switch from Winrar. Of course there will be a few more vulnerabilities, rather than risk it is better to use one that has been proven safe.
But seeing that Winrar is quite vulnerable like that, then 7zip is a good choice for me to switch from Winrar. Of course there will be a few more vulnerabilities, rather than risk it is better to use one that has been proven safe.
It's not the first time as well, see: Hackers Exploit 19-Year-Old WinRAR Vulnerability
However, if someone likes to download random files on the same device they do important stuff, I'm afraid it defeats the purpose of switching.
If Winzip or winrar is vulnerable to attacks then why not use different app that works the same as both apps you mentioned like 7zip or better go to the original website of winrar or winzip to download the app rather than downloading from a source that you yourself are not even sure if it's safe or not. That's the problem to some people where they downloaded the app from other source even though there's an original source where you can download the file. Well, if you are sure with your desktop then there are other ways to have a wallet that isn't vulnerable to hacks or attacks.
The vulnerability affected the old versions and they are available on the official website, there is no point using other softwares since the solution to this problem is updating the software and the most important lesson for readers here is no always make sure they use up to date softwares on their PC, it doesn't have to be files extracting softwares like WinRar or Winzip, it can be other softwares, hackers spend time with versions that are old and they try to find ways to breach its security, newer updates always guarantee more security layer and better patches than the previous version.
Updates are truly important.
But I didn't know that for such software like winrar/winzip, they're going to be like this. Well, threat actors are really going to find anything threatening to make themselves a favor by penetrating to the users that are not careful enough.
It is for the entirety of being a PC user, everything that we're using should be updated to the latest version and that's the reason why updates are coming. It's because of the vulnerability that has been detected by the software itself so, developers create a better version to make it more secured.
But I didn't know that for such software like winrar/winzip, they're going to be like this. Well, threat actors are really going to find anything threatening to make themselves a favor by penetrating to the users that are not careful enough.
It is for the entirety of being a PC user, everything that we're using should be updated to the latest version and that's the reason why updates are coming. It's because of the vulnerability that has been detected by the software itself so, developers create a better version to make it more secured.
If you know what you are doing, even a separate USB stick (with a live OS and so on) will do.
But if you are a newbie and not that knowledgeable with computers too maybe, then hardware wallet should be your friend.
I used WinRAR many years ago. Now I see it as an outdated software, 7zip being superior. But I know many people that are so used to WinRAR they still have it. Thanks OP for the warning.
Like I used to use WinRar since I first owned a PC and didn't even have the intention to replace WinRar.But if you are a newbie and not that knowledgeable with computers too maybe, then hardware wallet should be your friend.
I used WinRAR many years ago. Now I see it as an outdated software, 7zip being superior. But I know many people that are so used to WinRAR they still have it. Thanks OP for the warning.
But seeing that Winrar is quite vulnerable like that, then 7zip is a good choice for me to switch from Winrar. Of course there will be a few more vulnerabilities, rather than risk it is better to use one that has been proven safe.
If you have Crypto above $10k, you should just buy a separate device with Linux on it to just operate your Wallet. Keep it disconnected from the Internet and just connect once you want to do a transaction or something. This way you can save a lot of money and prevent most of these attacks. You cannot be up to date with every new attack going on in the Cryptospace, so keeping your system generally safe should be the priority.
yeah even 5k is enough to have a wallet only pc. Also many people like running Nodes themselves to make more money, we can't do without windows PC when it comes to making money even if you have a hardware wallet, few things will keep making you to go back.
If Winzip or winrar is vulnerable to attacks then why not use different app that works the same as both apps you mentioned like 7zip or better go to the original website of winrar or winzip to download the app rather than downloading from a source that you yourself are not even sure if it's safe or not. That's the problem to some people where they downloaded the app from other source even though there's an original source where you can download the file. Well, if you are sure with your desktop then there are other ways to have a wallet that isn't vulnerable to hacks or attacks.
If anyone wants to read further on the matter depicted in the OP, these articles treat the topic in depth:
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/
The former link points to an article written by the guys that discovered the vulnerability, that has actually been around under active exploitation since April 2023 (as per their words). In essence, malicious zip files were spread through various routes, including trading and crypto forums. These zip files, when opened from Winrar, exploit the said Winrar vulnerability by:
Here’s an example post on a well know bitcoin forum. It may actually look quite familiar …:
As usual, we should never download/open files that have a dubious origin, even though one could say that the content of some of these files may seem innocent:
It also seems wise to update Winrar now to the latest (patched) version.
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/
The former link points to an article written by the guys that discovered the vulnerability, that has actually been around under active exploitation since April 2023 (as per their words). In essence, malicious zip files were spread through various routes, including trading and crypto forums. These zip files, when opened from Winrar, exploit the said Winrar vulnerability by:
Quote
The cybercriminals are exploiting a vulnerability that allows them to spoof file extensions, which means that they are able to hide the launch of malicious script within an archive masquerading as a ‘.jpg’, ‘.txt’, or any other file format <…>
A ZIP archive was crafted to deliver various malware families: DarkMe, GuLoader, Remcos RAT
These extra goodies allow scumbags to install keyloggers, capture screenshots, perform remote access and so forth.A ZIP archive was crafted to deliver various malware families: DarkMe, GuLoader, Remcos RAT
Here’s an example post on a well know bitcoin forum. It may actually look quite familiar …:
It also seems wise to update Winrar now to the latest (patched) version.
Before you freak out, there is a fix and it's the simplest of all, just update your WinRar to the latest version and you are good.
I have just one question; if I should download the old version that’s prone to attacks from the official website. Will I still be open to those attacks or is it the the free versions from unknown sources.
I know that download softwares from unofficial sites are not advisable as they could contain softwares that were altered or softwares that contains malware that poses security risks to your system, so I just want to know if the official versions still have the bug or not.
Right now the latest version of WinRar is 6.23 and the vulnerability is already been patched on this 6.23 version.
Sorry to ask, is there another means to store my coin without having to get a wallet only pc? I am aware that for one to be able to purchase a coin worth $5k in the first place they should be able to have spare for the security of the coin but what about that of someone who have just a few hundred dollars worth of Bitcoin? Is there a way to store them that will provide more security to the coins?
I'm still a beginner at Bitcoin and the whole thing but I feel it's important to learn about security for future reference.
I'm still a beginner at Bitcoin and the whole thing but I feel it's important to learn about security for future reference.
If you know what you are doing, even a separate USB stick (with a live OS and so on) will do.
But if you are a newbie and not that knowledgeable with computers too maybe, then hardware wallet should be your friend.
I used WinRAR many years ago. Now I see it as an outdated software, 7zip being superior. But I know many people that are so used to WinRAR they still have it. Thanks OP for the warning.
If you have Crypto above $10k, you should just buy a separate device with Linux on it to just operate your Wallet. Keep it disconnected from the Internet and just connect once you want to do a transaction or something. This way you can save a lot of money and prevent most of these attacks. You cannot be up to date with every new attack going on in the Cryptospace, so keeping your system generally safe should be the priority.
yeah even 5k is enough to have a wallet only pc. Sorry to ask, is there another means to store my coin without having to get a wallet only pc? I am aware that for one to be able to purchase a coin worth $5k in the first place they should be able to have spare for the security of the coin but what about that of someone who have just a few hundred dollars worth of Bitcoin? Is there a way to store them that will provide more security to the coins?
I'm still a beginner at Bitcoin and the whole thing but I feel it's important to learn about security for future reference.
If you have Crypto above $10k, you should just buy a separate device with Linux on it to just operate your Wallet. Keep it disconnected from the Internet and just connect once you want to do a transaction or something. This way you can save a lot of money and prevent most of these attacks. You cannot be up to date with every new attack going on in the Cryptospace, so keeping your system generally safe should be the priority.
This is the best option for me since most of hackers wont waste time attacking linux OS, although this can be done but it will take time, since they have to brute force in where there is a report who is trying to access in putty once you have log-in, but lots of users are in windows, achieving files using 7zip, this works also on linux and windows, OP suggestion using this is a great option i have been using this for like several years now and i have never encounter a problem both in windows and linux, also if you are really don't want to be expose, avoid forwarding your IP address, and expose ports outside, I suggest using different ports and a fail2ban, I'm sure this have also a counterpart in windows, also avoid free softwares downloadable from torent etc. 
If you have Crypto above $10k, you should just buy a separate device with Linux on it to just operate your Wallet. Keep it disconnected from the Internet and just connect once you want to do a transaction or something. This way you can save a lot of money and prevent most of these attacks. You cannot be up to date with every new attack going on in the Cryptospace, so keeping your system generally safe should be the priority.
yeah even 5k is enough to have a wallet only pc. 
If you have Crypto above $10k, you should just buy a separate device with Linux on it to just operate your Wallet. Keep it disconnected from the Internet and just connect once you want to do a transaction or something. This way you can save a lot of money and prevent most of these attacks. You cannot be up to date with every new attack going on in the Cryptospace, so keeping your system generally safe should be the priority.
The first additional tip i can advise anyone in using a PC for his wallet is to disconnect the device from any form of Internet connectivity to increase it security practice in taking this measure, make it personal with you only having access to using it and don't think that your coins are well secured with the password guiding the PC, your private keys are more important in controlling any means to lead to your attack.
Thanks for the heads-up. I just checked and was relieved to see I do not have any WinRAR or WinZip installed on my device. But I am not sure if they are installed on my second device. But still If I get to open that device, I will try to disconnect from the internet, then try to remove that app totally, and I hope I will be good to go.
And you did not provide any of the source links from where you got the news, as it will be good to read the full back story of the case. Otherwise, I still have ways to find the source.
And TBH, I did not know 7zip was better than Winrar because anytime I have to download any zip software, I avoid downloading 7zip because of my bad experience with it. But I think now I have to change my priorities.
And you did not provide any of the source links from where you got the news, as it will be good to read the full back story of the case. Otherwise, I still have ways to find the source.
And TBH, I did not know 7zip was better than Winrar because anytime I have to download any zip software, I avoid downloading 7zip because of my bad experience with it. But I think now I have to change my priorities.
I have just one question; if I should download the old version that’s prone to attacks from the official website. Will I still be open to those attacks or is it the the free versions from unknown sources.
I know that download softwares from unofficial sites are not advisable as they could contain softwares that were altered or softwares that contains malware that poses security risks to your system, so I just want to know if the official versions still have the bug or not.
According to this source I think even if you have downloaded from the official source you need to update the Winrar. I know that download softwares from unofficial sites are not advisable as they could contain softwares that were altered or softwares that contains malware that poses security risks to your system, so I just want to know if the official versions still have the bug or not.
Venerable shareware archiving app WinRAR has recently been patched to fix an alarming flaw. The update to WinRAR version 6.23, spotted by Bleeping Computer, fixes the vulnerability to the high-severity CVE-2023-40477. In brief, earlier versions of WinRAR were vectors for running a program (arbitrary code execution) if an attacker could tempt the user to open a specially crafted RAR file.
I don't use Windows at all, but I know it very well. Explain why WinRAR is needed there. I recently installed Windows 10 in VirtualBox. I downloaded an image and installed a Windows system. Does this system need additional software? If you are afraid of getting infected with third-party programs that can bring trouble, work with what you have. There is no need to archive or compress anything.
It is enough for me to work on the software that Windows provides. By the way, if you delve into history, then any archiver on Windows was once accused of harmful content.
It's time to fall in love with Linux.
In this, in the built-in archiver, a danger to the user can just be hidden - vulnerabilities and viruses with an attack vector through new-old types of archives.It is enough for me to work on the software that Windows provides. By the way, if you delve into history, then any archiver on Windows was once accused of harmful content.
It's time to fall in love with Linux.
There are more recent versions of Windows - version 11. Windows 11 Insider has native support for working with 7-zip, rar, and more - link.
Which calls into question the use of those versions of Windows that have built-in applications, such as an archiver.
I will supplement OP's post with a link to an article about fixing a critical vulnerability in Winrar that allows malicious code to run in the system for the sake of completeness - link.
In general, ideally, it is strongly recommended (if possible) to separate the computer (have multiple devices) for everyday tasks and work with cryptocurrencies (with a minimum set of programs).
7Zip is open source and it should be your primary choice.
WinRar is not really a free software since it's showing ads all the time, and you have to pay to remove this ads (or use cracked version),but 7zip is very good basic option.There are few other open source alternatives for winrar, like PeaZip that looks much better, have better integration with OS, and it supports more files.
However, if you want to avoid all this risks and complications it's best to switch from win0S to good Linux OS (Fedora, Debian, Mint) that already have integrated compression tools.
After doing that you wont have to worry anymore about malware and remote attacks.
I don't use Windows at all, but I know it very well. Explain why WinRAR is needed there. I recently installed Windows 10 in VirtualBox. I downloaded an image and installed a Windows system. Does this system need additional software? If you are afraid of getting infected with third-party programs that can bring trouble, work with what you have. There is no need to archive or compress anything.
It is enough for me to work on the software that Windows provides. By the way, if you delve into history, then any archiver on Windows was once accused of harmful content.
It's time to fall in love with Linux.
It is enough for me to work on the software that Windows provides. By the way, if you delve into history, then any archiver on Windows was once accused of harmful content.
It's time to fall in love with Linux.
Jump to: