Hackers exploit WinRAR zero-day bug to steal funds from broker accounts

Discussion in 'Networking and Security' started by Pekelo, Aug 23, 2023.

  1. Pekelo

    https://techcrunch.com/2023/08/23/w...ozferf5K7izV8FHtUP6-xH6XDPXK02MW4o701HIOvZ7Zo

    "Cybercriminals are exploiting a zero-day vulnerability in WinRAR, the venerable shareware archiving tool for Windows, to target traders and steal funds.

    Cybersecurity company Group-IB discovered the vulnerability, which affects the processing of the ZIP file format by WinRAR, in June. The zero-day flaw — meaning the vendor had no time, or zero days, to fix it before it was exploited — allows hackers to hide malicious scripts in archive files masquerading as “.jpg” images or “.txt” files, for example, to compromise target machines.

    In the case of one of the targeted forums, administrators became aware that malicious files were shared and subsequently issued a warning to their users. The forum also took steps to block the accounts used by the attackers, but Group-IB saw evidence that the hackers were “able to unlock accounts that were disabled by forum administrators to continue spreading malicious files, whether by posting in threads or private messages.”

    Once a targeted forum user opens the malware-laced file, the hackers gain access to their victims’ brokerage accounts, enabling them to perform illicit financial transactions and withdraw funds, according to Group-IB. The cybersecurity firm tells TechCrunch that the devices of at least 130 traders are infected at the time of writing but notes that it has “no insight on financial losses at this stage.”"
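The article describes the lure only in outline: a script hidden in a ZIP while presenting as a .jpg or .txt attachment. The check below is an added example written for this thread, not code from TechCrunch, Group-IB or the forum. It builds a small constructed archive in memory (not a real sample) and flags entries whose claimed type does not match their bytes, plus two name tricks that can make a script look like a harmless attachment in an archive viewer: whitespace in the file name, and a directory entry that shares its name with a file entry. The script markers and the name-trick checks are heuristics chosen for the example, not a description taken from the page.

```python
"""Triage check for ZIP archives carrying scripts disguised as images or text.

Added example, not from the article or Group-IB's report. The archive is
constructed inline; the detection rules are heuristics, not a vendor signature.
"""
import io
import re
import zipfile

JPEG_MAGIC = b"\xff\xd8\xff"
# Strings that suggest a Windows script rather than plain text (heuristic).
SCRIPT_MARKERS = (b"@echo off", b"cmd.exe", b"powershell", b"wscript", b"mshta")
SCRIPT_EXTS = {"cmd", "bat", "vbs", "js", "ps1", "exe", "scr", "lnk"}


def _looks_like_script(data: bytes) -> bool:
    head = data[:4096].lower()
    return any(marker in head for marker in SCRIPT_MARKERS)


def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry_name, reason) pairs for entries worth a closer look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # Directory entries, with the trailing slash removed for comparison.
        dirs = {i.filename.rstrip("/") for i in infos if i.is_dir()}
        for info in infos:
            if info.is_dir():
                continue
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            ext = base.rsplit(".", 1)[-1].strip().lower() if "." in base else ""

            # Name tricks: whitespace at the end, or between the visible
            # extension and the real one ("x.jpg .cmd").
            if base != base.strip() or re.search(r"\s\.\w+$", base):
                findings.append((name, "whitespace in file name"))
            # A directory with exactly the same name as a file entry.
            if name in dirs:
                findings.append((name, "directory entry with the same name"))

            content = zf.read(info)
            if ext in ("jpg", "jpeg") and not content.startswith(JPEG_MAGIC):
                findings.append((name, "claims .jpg but bytes are not JPEG"))
            if ext in ("txt", "jpg", "jpeg") and _looks_like_script(content):
                findings.append((name, "contains script content"))
            if ext in SCRIPT_EXTS:
                findings.append((name, "executable or script extension"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed archive for the example: two benign files, one decoy pair,
    and one script disguised as a text file. Not a real malicious sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("chart.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 32)
        zf.writestr("notes.txt", b"weekly P&L notes\n")
        zf.writestr("poc.jpg ", b"not really an image")          # trailing space
        zf.writestr("poc.jpg /", b"")                            # same-named directory
        zf.writestr("poc.jpg /poc.jpg .cmd", b"@echo off\r\necho constructed sample only\r\n")
        zf.writestr("readme.txt", b"@echo off\r\nstart cmd.exe\r\n")
    return buf.getvalue()


def flagged_names(data: bytes) -> set[str]:
    return {name for name, _ in triage_zip(data)}


if __name__ == "__main__":
    for entry, reason in triage_zip(build_sample_archive()):
        print(f"{entry!r}: {reason}")
```

Run against the constructed archive it reports the decoy file, the script inside the same-named directory and the script posing as readme.txt, and stays quiet on the genuine image and text file. Treat a hit as a reason to open the archive on an isolated host rather than in the tool the article says is being targeted; a heuristic like this complements updating the archiver, it does not replace it.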
     
  2. virtusa

    As far as I know, withdrawals always go to the bank account from which the money initially came. If you wish otherwise, you first have to prove that the bank account you want to use now is yours.
     