WinRAR Exploit

More than 500 million systems with an old WinRAR installation are still vulnerable to attack.

This exploit targets a very old vulnerability that could have been in the WinRAR software for 19 years.

Last week we saw a critical WinRAR vulnerability, CVE-2018-20250, that could allow an attacker to extract a compressed EXE file from an ACE archive into the Windows Startup folder. This could lead to automatic execution of attacker-chosen malware at startup.

Where was the real Bug (vulnerability) in WinRAR Software?

The bug was in UNACEV2.DLL, an old third-party library file in WinRAR.

What could be done with this WinRAR bug?

An attacker could take complete control of the system, because he can plant his specially crafted malware EXE file in the Windows Startup folder just by having the victim extract a WinRAR file.

More than 100 uniquely crafted WinRAR exploits were reported by McAfee Antivirus after this exploit was made public. WinRAR is a widely used compression and decompression program with millions of users. After the PoC became public, WinRAR released a patch for the vulnerable version. But because WinRAR does not have an auto-update feature, attackers are still exploiting the bug. Most of the attacks were reported in the US market. Various malicious email campaigns were found exploiting the latest WinRAR bug.

In a recent attack, McAfee detected:

Malware Name : Ariana_Grande-thank-u,-next(2019)_[320].rar

Note: Very few antivirus products detect the above file as malware.

When you extract the above file you get legitimate MP3 files in your folder, but it silently drops an EXE into your Startup folder. The report from the McAfee researchers is below.

“When a vulnerable version of WinRAR is used to extract the content of the archive, a malicious payload is created in the startup folder behind the scenes,” as explained by McAfee researchers.

Attackers are using UAC bypass techniques to bypass the Windows alert system. Because of this, no alerts are displayed to the user when the system is restarted and the malicious payload is executed.

How to Protect Yourself?

  1. Update your WinRAR software to the latest version.
  2. Do not open unknown WinRAR files.


By admin
