Remember WinRAR, the early-2000s software that extracted “.zip files” and other file archives on the Windows PC? If you are among the 500 million people who have used WinRAR over the years, then the joke is on you. Cyber security consultancies have recently reported a 19-year-old flaw that lets an archive write files to the hard drive outside the folder the user chose.
In a report, Check Point said “We found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and puts over 500 million users at risk.”
This bug has been exposing users for the past 19 years. By renaming an ACE file with a RAR extension, cyber criminals can get WinRAR to extract a malicious program to a computer’s startup folder. That means it will run automatically every time the computer boots.
Security researchers at Check Point said that the attacker creates booby-trapped archives, and when a target user unzips one with the WinRAR app, it saves malicious files on the system.
What is WinRAR?
WinRAR is an archive manager and data compression program that allows one to compress large files and extract compressed files. It can be downloaded free from the internet. It is the Windows version of the RAR archiver and is a Windows-only program. It is available in over 50 languages, in both 32-bit and 64-bit versions, and is the only compression software that is acknowledged in the countries using Unicode.
Recently, a vulnerability was found in WinRAR that is being abused en masse by multiple threat actors. Cyber security experts argued that attackers would use this vulnerability to plant malicious files in the Windows Startup folder.
US-based cyber security company McAfee reported updates about these malicious campaigns, one of which used an Ariana Grande lure to mislead users into opening the booby-trapped archives and so distribute malicious files on the target system. The company said it had spotted 100 unique exploits that have been used to abuse users through WinRAR. It is noted that the majority of users were unaware of this vulnerability. It has been found that no update had been made since 2005 and that the company was using a third-party tool to unpack ACE archives anyway. Hacker groups began exploiting the vulnerability to plant backdoor Trojans on the target system. They also spread different malware payloads using different lures.
In response, WinRAR quickly patched the vulnerability by releasing version “5.70 beta 1”, in which it dropped support for ACE archives. Users have to visit the WinRAR site manually to download it. 19 years is a pretty long time to carry a flaw like this with 500 million users potentially exposed, which, according to the cyber security experts, is a major oversight on WinRAR’s part. If you are still using WinRAR, it would be good to update the software as fast as possible.