Update WinRAR: Hackers are exploiting 19-year-old bug, installing hard-to-detect malware
While most of us use WinRAR to extract ZIP and other compressed files on our PCs, only a few bother to update the software or even activate its license. If you're in this group, it is time to update the program immediately, unless you want to leave your system open to attack. Here's why your PC could be at risk.
'Ancient' WinRAR bug being exploited
Last month, a critical vulnerability was flagged in WinRAR: a bug that let attackers install malware on PCs running the software. It had existed in the software for about 19 years but was fixed immediately after being reported. Because many users have still not installed the patch, opportunistic hackers are exploiting the bug to install hard-to-detect malware on computers, reports McAfee.
How are hackers compromising computers?
The code execution vulnerability, first discovered by Check Point Research, revolves around attackers packaging a malformed ACE file under a RAR extension. When this archive is extracted with any version of WinRAR released over the last 19 years, the bug is triggered and a malicious payload is written into the PC's Startup folder, without any kind of system alert.
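The two things a defender can check before such an archive is opened, as an added example that is not from the original article or from McAfee or Check Point, are whether a file named .rar is really an ACE container and whether any archive member name points outside the extraction directory or at the Startup folder. The magic bytes below (RAR archives begin with "Rar!\x1a\x07"; ACE archives carry "**ACE**" at offset 7) are documented format signatures; the sample inputs are constructed.

```python
import re

# Format signatures: RAR (v4 and v5) starts with "Rar!\x1a\x07";
# ACE places the ASCII marker "**ACE**" at byte offset 7 of its first header.
RAR_MAGIC = b"Rar!\x1a\x07"
ACE_MARKER = b"**ACE**"
ACE_MARKER_OFFSET = 7

# Windows per-user and all-users Startup folders both end in this path.
STARTUP_RE = re.compile(r"(?:^|[\\/])start menu[\\/]programs[\\/]startup(?:[\\/]|$)", re.I)


def detect_container(data: bytes) -> str:
    """Classify an archive by content, not by its extension."""
    if data.startswith(RAR_MAGIC):
        return "rar"
    if data[ACE_MARKER_OFFSET:ACE_MARKER_OFFSET + len(ACE_MARKER)] == ACE_MARKER:
        return "ace"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a file named .rar actually holds an ACE archive (the disguise used here)."""
    return filename.lower().endswith(".rar") and detect_container(data) == "ace"


def suspicious_entry_path(entry: str) -> list[str]:
    """Reasons an archive member name should block extraction: traversal, absolute path, Startup target."""
    reasons = []
    norm = entry.replace("\\", "/")
    if any(part == ".." for part in norm.split("/")):
        reasons.append("parent-directory traversal")
    if norm.startswith("/") or re.match(r"^[A-Za-z]:/", norm):
        reasons.append("absolute path")
    if STARTUP_RE.search(entry):
        reasons.append("targets Startup folder")
    return reasons


if __name__ == "__main__":
    # Constructed sample: an ACE header disguised with a .rar name, and one member
    # whose name walks up to the user's Startup folder.
    fake_ace = b"\x00" * 7 + ACE_MARKER + b"\x00" * 16
    print(extension_mismatch("album.rar", fake_ace))
    member = r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe"
    print(suspicious_entry_path(member))
```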
Then, the malware runs automatically
Once dropped, the malicious payload waits for a system restart before it runs. When the PC reboots, it activates and installs a generic trojan that compromises the machine. It is not exactly clear what the trojan does on the computer, but the Chronicle-owned VirusTotal service reports it was detected by some nine antivirus providers (including McAfee), which shows the risk it poses.
McAfee has detected over 100 exploits
In the first week after disclosure, McAfee detected over 100 unique exploits (and counting) of the WinRAR vulnerability. Most of the targets were US-based, but the campaign makes clear that anyone using an old version of the software is at risk. Notably, attackers are using a range of lures, including an illegal copy of Ariana Grande's latest album Thank U, Next, to reach vulnerable WinRAR users.
Details of the illegal copy
The archive, named 'Ariana_Grande-thank_u,_next(2019)_[320].rar,' extracted regular music tracks alongside the malicious payload to trick unsuspecting users. It was found being distributed through torrent sites and Twitter, but it remains unclear whether the payload it installed was the only one used in the attack.
So, update WinRAR or switch to another extraction tool
If you're one of the 500 million people using WinRAR, it is important to update the program to version 5.70 immediately. Alternatively, you could drop the software altogether and switch to another extraction tool such as 7zip. Also, install a reliable antivirus program on your PC so that threats like this are flagged and removed in time.