Werewolf Hackers Exploiting WinRAR Vulnerability To Deploy RingSpy Backdoor

An attacker tracked as Mysterious Werewolf is sending phishing emails carrying malicious archives that exploit the CVE-2023-38831 vulnerability in WinRAR to execute code. Active since 2023, the Mysterious Werewolf cluster has shifted its targeting to the military-industrial complex (MIC), using phishing emails with a weaponized archive as the initial vector.

The archive contains a seemingly legitimate PDF document alongside a malicious CMD file. When the victim opens the archive and double-clicks the PDF, the CMD file executes instead and deploys the RingSpy backdoor onto the compromised system. RingSpy replaces the Athena agent of the Mythic framework, which Mysterious Werewolf used in its earlier campaigns.
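The lure described above depends on a document-looking entry sharing its name with a script entry inside the same archive, which is the name-collision shape behind CVE-2023-38831 (the flaw is in how WinRAR handles ZIP archives). The following detector, added here as an example and not code from the article or from any of the named vendors, walks a ZIP's entry list and flags that pairing: a script inside a directory named after a top-level document, a script that shares its base name with a document, or a document name padded with whitespace. The extension lists, the sample archives and the `scan_archive`/`build_archive` names are all assumptions made for the example; the sample archives are constructed in memory so the script runs offline.

```python
import io
import posixpath
import zipfile

# Extensions an attacker would show as the visible decoy, and extensions that
# actually execute when double-clicked. Both sets are assumptions for this example.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".ps1", ".exe", ".scr", ".lnk", ".hta"}


def _norm(name: str) -> str:
    """Case-fold and strip padding so 'Report.pdf ' and 'report.pdf' compare equal."""
    return name.strip().lower()


def _stem_ext(name: str):
    """Split the last path component into a normalized (stem, extension) pair."""
    return posixpath.splitext(_norm(posixpath.basename(name)))


def build_archive(entries: dict) -> bytes:
    """Build an in-memory ZIP from {entry_name: content}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def scan_archive(zip_bytes: bytes) -> list:
    """Return (document, script, reason) triples for suspicious pairings in a ZIP."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]

    documents = {}   # normalized name -> original name, top-level document entries
    scripts = []
    for n in names:
        _, ext = _stem_ext(n)
        if ext in SCRIPT_EXTS:
            scripts.append(n)
        elif ext in DOCUMENT_EXTS and posixpath.dirname(n.strip()) == "":
            documents[_norm(n)] = n

    findings = []
    for script in scripts:
        parent = _norm(posixpath.dirname(script))
        script_stem, _ = _stem_ext(script)
        # Pattern 1: the script sits in a directory whose name collides with a
        # top-level document, so a click on the document can resolve to the script.
        if parent in documents:
            findings.append((documents[parent], script,
                             "script inside directory named after document"))
            continue
        # Pattern 2: document and script share a base name at the same level
        # (e.g. report.pdf next to report.cmd).
        for doc in documents.values():
            doc_stem, _ = _stem_ext(doc)
            if doc_stem == script_stem:
                findings.append((doc, script, "script shares base name with document"))
    # Pattern 3: whitespace-padded document names do not occur in honest archives
    # and are a tell on their own.
    for doc in documents.values():
        if doc != doc.strip():
            findings.append((doc, "", "document name padded with whitespace"))
    return findings


# Constructed samples: a decoy-plus-script archive and a harmless one.
SAMPLE_MALICIOUS = {
    "report.pdf ": b"%PDF-1.4 constructed decoy",
    "report.pdf /report.pdf .cmd": b"echo constructed sample",
}
SAMPLE_BENIGN = {
    "report.pdf": b"%PDF-1.4 constructed document",
    "notes.txt": b"constructed notes",
}

if __name__ == "__main__":
    for label, sample in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, scan_archive(build_archive(sample)))
```

The scanner only reads the central directory, so it can run on mail-gateway attachments before anything is extracted; a hit on any of the three patterns is reason to quarantine the message rather than deliver it, independent of whether the recipient's WinRAR is patched.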

Source: GBHackers