Konni APT exploits WinRAR vulnerability (CVE-2023-38831) targeting the cryptocurrency industry
The Konni APT group has been found exploiting the WinRAR vulnerability CVE-2023-38831 to target the cryptocurrency industry. This is the first time an APT group has been observed using this vulnerability in its attacks. The targets of these recent attacks differ notably from Konni's previous activity, suggesting that the group may be exploring new attack vectors.

The captured sample, named "wallet_Screenshot_2023_09_06_Qbao_Network.zip", references Qbao Network, an intelligent cryptocurrency wallet. The attack chain exploits the WinRAR vulnerability to deliver a payload, which creates a thread and downloads additional payloads from a server. The downloaded data is stored as a temporary file and then decompressed; the extracted files perform different functions, such as checking for remote connection sessions, determining whether the file needs to be duplicated, and executing malicious code.

CVEs: CVE-2023-38831
Malware: Konni

[View Article](https://paper.seebug.org/3033/)