Microsoft has recognized a hacker known as EncryptHub for revealing critical flaws in Windows, including vulnerabilities in Windows Explorer and security features. The individual, who balanced a career in cybersecurity with criminal activity, has been linked to malware such as SilentPrism, DarkWisp and Fickle Stealer and used tools such as ChatGPT to develop malicious code.
Security firm Outpost24 exposed his poor operational practices, which led to his identification. The exploited flaws were fixed in the last Patch Tuesday, but the case highlights risks in corporate infrastructures and the importance of good security practices.
Be very careful if you use software like WinRAR to encrypt things; some people even use it to encrypt a plaintext.txt containing seed phrases and private keys.
EncryptHub, also tracked under the monikers LARVA-208 and Water Gamayun, was spotlighted in mid-2024 as part of a campaign that leveraged a bogus WinRAR site to distribute various kinds of malware hosted on a GitHub repository named "encrypthub."
There are better, open-source alternatives like 7-Zip; I stopped using WinRAR years ago.
It's interesting how he was caught; it seems like something out of a science fiction series, since he was trying to lead a normal life and look for jobs at the same time:
The individual is believed to have kept a low profile after moving to an unspecified place near Romania, studying computer science on their own by enrolling for online courses, while seeking computer-related jobs on the side.
Source: Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws