Science
16 Mar 2019

Update WinRAR: Hackers are exploiting 19-year-old bug, installing hard-to-detect malware

Hackers exploiting WinRAR bug to install malware

While most of us use WinRAR to extract ZIP/compressed files on our PCs, only a few really bother to update the software or even activate its license.

Now, if you're part of this group, it is time to update the program immediately - unless you want your system to remain open to attacks from hackers.

Here's why your PC could be at risk.

Bug details

'Ancient' WinRAR bug being exploited

Last month, a critical vulnerability was flagged in WinRAR, a bug that opened gates for attackers to install malware on PCs hosting the software.

It had existed in the software for about 19 years but was fixed immediately after being flagged.

But, as many have still not installed the patch, opportunistic hackers are exploiting the bug to install hard-to-detect malware on computers, reports McAfee.

Attack

How are hackers compromising computers?

The code execution vulnerability, first discovered by Check Point Research, revolves around hackers packaging a malformed ACE file with a RAR extension.

When this package is extracted through any version of WinRAR released over the last 19 years, it exploits the vulnerability and adds a malicious payload into the startup folder of the PC - without any kind of system alert.

Details

Then, the malware runs automatically

Once installed, the malicious payload waits for a system restart to start running.

When this happens, it activates and installs a generic trojan compromising the PC.

It is not exactly clear how the trojan affects the computer, but Chronicle-owned VirusTotal service claims it was detected by some nine antivirus providers (including McAfee), which clearly shows the risk it poses.

Attacks

McAfee has detected over 100 exploits

In the first week of disclosure, McAfee detected over 100 unique exploits (and counting) of the WinRAR vulnerability.

Most of the targets were US-based, but the attack clearly shows anyone using an old version of the software is not safe.

Notably, hackers are using different ways, including an illegal copy of Ariana Grande's latest album Thank U, Next, to attack vulnerable WinRAR users.

Details of the illegal copy

The archive, named 'Ariana_Grande-thank_u,_next(2019)_[320].rar', installed regular music along with the malicious payload to trick unsuspecting users. It was found being distributed through torrent sites and Twitter, but it remains unclear whether the payload it installed was the only one being used for the attack.

Protection

So, update WinRAR or switch to another extraction tool

Having said that, if you're one of the 500 million people using WinRAR, it is important to update the program to version 5.70 immediately.

Alternatively, you could ditch the software altogether and switch to some other extraction tool like 7zip.

Also, install a reliable antivirus program on your PC so that vulnerabilities are flagged and removed in time.

How to update WinRAR?

Asked 1 minute ago by Ananya Rangan

Answered by NewsBytes

You can download and install a fresh version of WinRAR from the official site.

Is 7zip as good as WinRAR?

Asked 1 minute ago by Trisha Chavan

Answered by NewsBytes

Yes, 7zip is as good as WinRAR and can extract all forms of compressed files.

What can this malware do?

Asked 1 minute ago by Rakesh Sharma

Answered by NewsBytes

The exact impact of the malware is not known, but malicious programs can do a lot of harm to your computer, from slowing it down to stealing its data.

Are there any other bugs in WinRAR?

Asked 1 minute ago by Pranav Vyas

Answered by NewsBytes

No, this appears to be the only issue.
