WinRAR has a critical bug which is getting exploited in the wild
We have all used WinRAR at least once in our lives, and it's one of the most popular Windows file compression applications. The software, however, has been hit with a critical bug which was first disclosed last month.
The vulnerability was discovered last year by security researchers from Check Point Software and it impacts all WinRAR versions released in the last 19 years. The good news is that WinRAR has released an update to patch the vulnerability. The bad news is that the vulnerability is being exploited in the wild. Since the WinRAR developers lost access to the UNACEV2.DLL library source code around 2005, they decided to drop support for ACE archive formats altogether.
However, that didn't help, as users haven't updated the software to the latest versions and hackers have found a way to send malicious files embedded inside the archives. The researchers at Check Point Software demonstrated how a simple file extraction with WinRAR can create a malicious file inside the startup folder that gets executed every time the computer is restarted.
Seeing the opportunity, several hacker groups started using social engineering to send files to users. For instance, hackers started embedding malicious code inside images to lure victims into extracting them.
Warning! Upgrades in the #WinRAR vulnerability (#CVE-2018-20250) exploit, use social engineering to lure victims with embedded image files and encrypt the malicious ACE archive before delivering.
Analysis report: https://t.co/LEcRPqP0cT
Chinese version: https://t.co/wbDCdZl1YV pic.twitter.com/8cjieD1xVJ
— RedDrip Team (@RedDrip7) February 27, 2019
Not only that, hackers targeted South Korean government agencies just a day before the second Donald Trump and Kim Jong-un summit that took place in Vietnam. They even used UN human rights files to lure targets in the Middle East.
WinRAR exploit (#CVE-2018-20250) sample (united nations .rar) seems targeting the Middle East. Embedded with bait documents relating to the United Nations Human Rights and the #UN in Arabic, it finally downloads and executes #Revenge RAT. https://t.co/WJ4oJ1UxAz pic.twitter.com/fgHYSD4Mk5
— RedDrip Team (@RedDrip7) March 12, 2019
In a report published by McAfee yesterday, the company claims to have seen over “100 unique exploits and counting” that used the WinRAR vulnerability to infect users. The safest thing anyone can do right now is to stay away from files that use ACE archive formats and download the latest WinRAR 5.70 Beta 1 update from the WinRAR website.
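Staying away from ACE files is harder when the archive carries another extension, as with the ".rar" sample mentioned above. The following added example (not from the original article or from WinRAR) finds ACE archives by content rather than by name. It assumes the ACE signature `**ACE**` at byte offset 7 of a plain, non-self-extracting archive; all file names and sample bytes are constructed.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"   # signature inside the ACE main header
ACE_MAGIC_OFFSET = 7     # assumed position for a plain (non-SFX) archive

def is_ace(path):
    """True if the file content carries the ACE signature at offset 7."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC

def find_ace_archives(root):
    """Return (path, disguised) for every ACE file under root.

    disguised is True when the extension is not .ace, for example an
    ACE archive delivered with a .rar name.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                if is_ace(path):
                    hits.append((path, not name.lower().endswith(".ace")))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return hits

def demo():
    """Write three constructed sample files and scan them."""
    ace_head = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    rar_head = b"Rar!\x1a\x07\x00" + b"\x00" * 16  # genuine RAR signature
    samples = {"report.rar": ace_head, "real.rar": rar_head, "old.ace": ace_head}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        found = find_ace_archives(tmp)
        return sorted((os.path.basename(p), d) for p, d in found)

if __name__ == "__main__":
    for name, disguised in demo():
        note = "extension mismatch" if disguised else "named .ace"
        print(f"{name}: ACE content ({note})")
```

Pointing `find_ace_archives` at a download or mail-attachment folder lists every file that should not be opened with an unpatched WinRAR, whatever its extension says.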
Via: ZDNet