We have all used WinRAR at least once in our lives, and it is one of the most popular Windows file compression applications. The software, however, has been hit with a critical bug which was first disclosed last month.
The vulnerability was discovered last year by security researchers from Check Point Software and it impacts all WinRAR versions released in the last 19 years. The good news is that WinRAR has released an update to patch the vulnerability. The bad news is that the vulnerability is being exploited in the wild. Since the WinRAR developers lost access to the UNACEV2.DLL library source code around 2005, they decided to drop support for ACE archive formats altogether.
However, that hasn’t helped, as users haven’t updated the software to the latest versions and hackers have found a way to send malicious files embedded inside the archives. The researchers at Check Point Software demonstrated how a simple file extraction with WinRAR can create a malicious file inside the startup folder that gets executed every time the computer is restarted.
Seeing the opportunity, several hacker groups started using social engineering to send files to users. For instance, hackers started embedding malicious code inside images to lure victims into extracting them.
Analysis report: https://t.co/LEcRPqP0cT
— 360 Threat Intelligence Center (@360TIC) February 27, 2019
Not only that, hackers targeted South Korean government agencies just a day before the second Donald Trump and Kim Jong-un summit that took place in Vietnam. They even used UN human rights files to lure targets in the Middle East.
WinRAR exploit (#CVE-2018-20250) sample (united nations .rar) seems targeting the Middle East. Embedded with bait documents relating to the United Nations Human Rights and the #UN in Arabic, it finally downloads and executes #Revenge RAT. https://t.co/WJ4oJ1UxAz pic.twitter.com/fgHYSD4Mk5
— 360 Threat Intelligence Center (@360TIC) March 12, 2019
In a report published by McAfee yesterday, the company claims to have seen over “100 unique exploits and counting” that used the WinRAR vulnerability to infect users. The safest thing anyone can do right now is to stay away from files that use ACE archive formats and download the latest WinRAR 5.70 Beta 1 update from the WinRAR website.
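Staying away from ACE archives is harder than checking file names, because WinRAR chooses its parser from the file's content and the sample quoted above arrived with a .rar extension. The following sketch is an added example, not code from WinRAR, Check Point or McAfee: it flags files by the ACE header signature (`**ACE**` at byte offset 7) instead of by extension. The scan limit for embedded signatures and all sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"    # signature inside the ACE main header
ACE_MAGIC_OFFSET = 7      # after CRC (2) + size (2) + type (1) + flags (2)
SCAN_LIMIT = 512 * 1024   # assumption: how far to look for an embedded header

def classify(path):
    """Return 'ace', 'ace-embedded' or None from file content, not the name."""
    with open(path, "rb") as fh:
        head = fh.read(SCAN_LIMIT)
    end = ACE_MAGIC_OFFSET + len(ACE_MAGIC)
    if head[ACE_MAGIC_OFFSET:end] == ACE_MAGIC:
        return "ace"
    if ACE_MAGIC in head:
        # Heuristic: signature deeper in the file (e.g. behind a stub);
        # can be a false positive, so treat it as "needs review".
        return "ace-embedded"
    return None

def scan_tree(root):
    """Walk root; return (path, verdict, mislabelled) for every ACE hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                verdict = classify(path)
            except OSError:
                continue  # unreadable file, skip it
            if verdict:
                mislabelled = not name.lower().endswith(".ace")
                hits.append((path, verdict, mislabelled))
    return hits

def build_samples(root):
    """Write constructed sample files: headers only, no archive payload."""
    ace_header = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 32
    rar_header = b"Rar!\x1a\x07\x00" + b"\x00" * 32
    samples = {"report.rar": ace_header, "backup.rar": rar_header,
               "old.ace": ace_header}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, verdict, mislabelled in scan_tree(tmp):
            print(path, verdict, "MISLABELLED" if mislabelled else "")
```

A hit marked as mislabelled (ACE content under a non-.ace name) is the case worth quarantining first on hosts that still run a WinRAR version older than 5.70 Beta 1.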