WinRAR has a critical bug which is getting exploited in the wild

We have all used WinRAR at least once in our lives, and it’s one of the most popular Windows file compression applications. The software, however, has been hit by a critical bug which was first disclosed last month.

The vulnerability was discovered last year by security researchers from Check Point Software and it impacts all WinRAR versions released in the last 19 years. The good news is that WinRAR has released an update to patch the vulnerability. The bad news is that the vulnerability is being exploited in the wild. Since the WinRAR developers lost access to the UNACEV2.DLL library source code around 2005, they decided to drop support for ACE archive formats altogether.

However, that didn’t help, as users haven’t updated the software to the latest version and hackers have found a way to send malicious files embedded inside the archives. The researchers at Check Point Software demonstrated how a simple file extraction from WinRAR can create a malicious file inside the startup folder that gets executed every time the computer is restarted.

Seeing the opportunity, several hacker groups started using social engineering to send files to users. For instance, hackers started embedding malicious code inside images to lure victims into extracting them.

Not only that, hackers targeted South Korean government agencies just a day before the second Donald Trump and Kim Jong-un summit that took place in Vietnam. They even used UN human rights files to lure targets in the Middle East.

In a report published by McAfee yesterday, the company claims to have seen over “100 unique exploits and counting” that used the WinRAR vulnerability to infect users. The safest thing anyone can do right now is to stay away from files that use ACE archive formats and download the latest WinRAR 5.70 Beta 1 update from their website.
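To act on the advice to avoid ACE archives, the following added example (not from the article, Check Point or WinRAR) flags files that are ACE by content, since a file's extension says nothing certain about its format. It relies on the ACE main-header layout, where the signature `**ACE**` sits 7 bytes into the header; the 64 KB scan window, the function names and the sample files are assumptions made for this example.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"   # signature field of the ACE main header
ACE_MAGIC_OFFSET = 7     # after HEAD_CRC(2) + HEAD_SIZE(2) + HEAD_TYPE(1) + HEAD_FLAGS(2)
SCAN_WINDOW = 64 * 1024  # assumption: also catch a header that sits behind a small prefix


def is_ace(path):
    """Return True if the file content carries an ACE main-header signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(SCAN_WINDOW)
    except OSError:
        return False  # unreadable or missing files are skipped, not flagged
    pos = head.find(ACE_MAGIC)
    while pos != -1:
        # The header starts 7 bytes before the signature; its type byte (offset 4) is 0 for a main header.
        if pos >= ACE_MAGIC_OFFSET and head[pos - 3] == 0:
            return True
        pos = head.find(ACE_MAGIC, pos + 1)
    return False


def find_ace_files(root):
    """Walk root and list files that are ACE by content, whatever their extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_ace(full):
                hits.append(full)
    return sorted(hits)


def build_constructed_samples(root):
    """Write constructed sample files (header bytes only, no archive payload)."""
    ace_header = b"\x00\x00" + b"\x1f\x00" + b"\x00" + b"\x00\x00" + ACE_MAGIC + b"\x00" * 16
    samples = {
        "report.ace": ace_header,
        "photos.rar": ace_header,                          # ACE content under a .rar name
        "backup.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,  # RAR signature
        "notes.txt": b"ACE",                               # too short to hold a header
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for hit in find_ace_files(tmp):
            print("ACE content:", os.path.basename(hit))
```

Pointing `find_ace_files` at a downloads or mail-attachment folder gives a list of files to quarantine or delete before anyone opens them with an unpatched WinRAR.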

Via: ZDNet
