An other supply chain attack

Andrew3000 · Jun 19, 2019

The official Italian reseller of WinRar was attacked, and the legit file has been replaced with a ransomware. I contacted them to inform them of the problem. What do you think about the attacks on the supply chain? Are they becoming an increasingly difficult problem to manage?

Virustotal: VirusTotal

AnyRun: WinRAR-x64-571it (1).exe (MD5: FD3F3AF76D31D8F134E2E02463D89D29) - Interactive analysis - ANY.RUN

shmu26 · Jun 20, 2019

That's a bad one. Thanks for reporting.

marcopaone · Jun 20, 2019

Dave Russo · Jun 20, 2019

Thanks,Did you detect this at home?,I did not notice on virus total, the date or time of first detection,thanks for the post,its said 31 minutes ago but that time dos"t seem to correspond with your post

Andrew3000 · Jun 20, 2019

Dave Russo said:
Thanks,Did you detect this at home?,I did not notice on virus total, the date or time of first detection,thanks for the post,its said 31 minutes ago but that time dos"t seem to correspond with your post

Yes, last night while I was doing some tests on samples and I needed to download winrar on the windows' sandbox, so I downloaded the exe from their site and as soon as I finished downloading I realized that something was wrong. I did so many tests and scans, it was a ransomware. Sodinokibi is attacking hard in Italy.

Search

Search

An other supply chain attack

Andrew3000

Level 11

shmu26

Level 85

marcopaone

Level 7

Dave Russo

Level 22

Andrew3000

Level 11

You may also like...