Hackers exploiting WinRAR bug to install malware

16 Mar 2019

Update WinRAR: Hackers are exploiting 19-year-old bug, installing hard-to-detect malware

While most of us use WinRAR to extract ZIP/compressed files on our PCs, only a few really bother to update the software or even activate its license.

Now, if you're one of this group, it is time to update the program immediately - unless you want to leave your system open to attacks from hackers.

Here's why your PC could be at risk.

Bug details

'Ancient' WinRAR bug being exploited

Last month, a critical vulnerability was flagged in WinRAR, a bug that lets attackers install malware on PCs running the software.

It had existed in the software for about 19 years but was fixed immediately after being flagged.

But, as many have still not installed the patch, opportunistic hackers are exploiting the bug to install hard-to-detect malware on computers, reports McAfee.

Attack

How are hackers compromising computers?

The code execution vulnerability, first discovered by Check Point Research, revolves around hackers packaging a malformed ACE file with a RAR extension.

When this package is extracted through any version of WinRAR released over the last 19 years, it exploits the vulnerability and adds a malicious payload into the startup folder of the PC - without any kind of system alert.
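A defender can catch the disguise described above by identifying archives from their content instead of their extension. The sketch below is an added example, not code from the article or from any vendor it cites; the signature offsets come from public format documentation, the function names are illustrative, and the sample files are constructed headers with no payload.

```python
import os
import tempfile

# (offset, magic, name): assumed from public format docs, not from the article.
SIGNATURES = [
    (7, b"**ACE**", "ace"),
    (0, b"Rar!\x1a\x07\x01\x00", "rar5"),
    (0, b"Rar!\x1a\x07\x00", "rar4"),
]

def sniff_format(header: bytes) -> str:
    """Identify an archive by content, ignoring the file name."""
    for offset, magic, name in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return name
    return "unknown"

def is_disguised_ace(filename: str, header: bytes) -> bool:
    """True when the content is ACE but the extension claims otherwise."""
    ext = os.path.splitext(filename)[1].lower()
    return sniff_format(header) == "ace" and ext != ".ace"

def scan_directory(root: str) -> list:
    """Walk root (e.g. a downloads folder) and list disguised ACE files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(16)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if is_disguised_ace(name, header):
                hits.append(path)
    return sorted(hits)

def demo() -> list:
    ace = b"\x00" * 7 + b"**ACE**" + b"\x00\x00"
    rar = b"Rar!\x1a\x07\x00" + b"\x00" * 9
    samples = [("album.rar", ace), ("real.rar", rar), ("old.ace", ace)]  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples:
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in scan_directory(tmp)]

if __name__ == "__main__":
    print(demo())
```

The check reads only the first 16 bytes, so it flags an ACE archive whose signature sits at the start of the file and nothing else.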

Details

Then, the malware runs automatically

Once installed, the malicious payload waits for a system restart to start running.

When this happens, it activates and installs a generic trojan compromising the PC.

It is not exactly clear how the trojan affects the computer, but Chronicle-owned VirusTotal service claims it was detected by some nine antivirus providers (including McAfee), which clearly shows the risk it poses.

Attacks

McAfee has detected over 100 exploits

In the first week of disclosure, McAfee detected over 100 unique exploits (and counting) of the WinRAR vulnerability.

Most of the targets were US-based, but the attack clearly shows anyone using an old version of the software is not safe.

Notably, hackers are using different ways, including an illegal copy of Ariana Grande's latest album Thank U, Next, to attack vulnerable WinRAR users.

Details of the illegal copy

The archive, named 'Ariana_Grande-thank_u,_next(2019)_[320].rar,' installed regular music along with the malicious payload to trick unsuspecting users. It was found being distributed through torrent sites and Twitter, but it remains unclear whether the payload it installed was the only one being used for the attack.

Protection

So, update WinRAR or switch to another extraction tool

Having said that, if you're one of the 500 million people using WinRAR, it is important to update the program to version 5.70 immediately.

Alternatively, you could ditch the software altogether and switch to some other extraction tool like 7zip.

Also, install a reliable antivirus program on your PC so that vulnerabilities are flagged and removed in time.

Ask NewsBytes
How to update WinRAR?

Asked 2019-03-16 12:06:13 by Ananya Rangan

Answered by NewsBytes

You can download and install a fresh version of WinRAR from the official site.

Is 7zip as good as WinRAR?

Asked 2019-03-16 12:06:13 by Trisha Chavan

Answered by NewsBytes

Yes, 7zip is as good as WinRAR and can extract all forms of compressed files.

What can this malware do?

Asked 2019-03-16 12:06:13 by Rakesh Sharma

Answered by NewsBytes

The exact impact of the malware is not known, but malicious programs can do a lot of harm to your computer, from slowing it down to stealing its data.

Are there any other bugs in WinRAR?

Asked 2019-03-16 12:06:13 by Pranav Vyas

Answered by NewsBytes

No, this appears to be the only issue.
