The Goldmouse APT group (APT-C-27) has started exploiting the WinRAR vulnerability (CVE-2018-20250[6]) to hide the njRAT backdoor, targeting users in the Middle East with a decoy Word document in order to compromise and control their devices.
The 19-year-old vulnerability was disclosed by Check Point security researchers last week; it resides in WinRAR's UNACEV2.DLL library.
Since the vulnerability has already been patched, the attackers are aiming to exploit and compromise unpatched, vulnerable systems.
The attackers hide and distribute the compressed WinRAR exploit using Word documents; the embedded njRAT backdoor is eventually dropped onto the victim's machine once the archive is decompressed on a vulnerable computer.
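For defenders triaging mail attachments or download folders, the following added example (not code from the article or from any vendor) flags files that are ACE archives by content, whatever their extension. It relies on two facts not stated above: UNACEV2.DLL is the library WinRAR uses to unpack ACE archives, and ACE files carry the signature `**ACE**` at byte offset 7. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"   # signature in the ACE main header
ACE_MAGIC_OFFSET = 7     # follows CRC (2), size (2), type (1), flags (2)

def is_ace_archive(path):
    """Return True if the file carries the ACE signature at the expected offset."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC

def find_ace_archives(root):
    """Walk root and list (path, disguised) for every ACE-format file.

    disguised is True when the file name does not end in .ace, for
    example ACE content delivered under a .rar name.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            try:
                if is_ace_archive(full):
                    hits.append((full, not name.lower().endswith(".ace")))
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return hits

def build_samples(root):
    """Write constructed sample files: header bytes only, no archive content."""
    fake_ace = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    samples = {
        "invoice.rar": fake_ace,                           # ACE bytes, .rar name
        "backup.ace": fake_ace,                            # ACE bytes, honest name
        "photos.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,  # RAR 4 signature
        "notes.txt": b"hello",                             # shorter than the header
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, disguised in find_ace_archives(tmp):
            print(("DISGUISED " if disguised else "ace       ") + path)
```

The check only inspects the start of each file, so it does not detect ACE data embedded deeper inside another container such as a Word document; extract attachments first and scan the results.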