Update your copy of WinRAR now as hackers have begun to exploit its critical vulnerability
By Wong Chung Wee
Image source: Check Point Software Technologies
In February this year, researchers from Check Point Software Technologies uncovered a security flaw in WinRAR caused by an archaic dynamic link library file. This particular DLL hasn’t been updated since 2005. RarLab, the company behind WinRAR, issued a patch and has now advised WinRAR users to update to the latest version to close this vulnerability. Now, according to McAfee, there are “over 100 unique exploits and counting.”
Image source: McAfee
One of the latest exploits targets Ariana Grande fans by piggybacking on a bootlegged copy of Ariana Grande’s hit album “Thank U, Next”, with the file name “Ariana_Grande-thank_u,_next(2019)_[320].rar”. When a vulnerable copy of WinRAR is used to extract the file’s content, the malware is copied to the Windows Startup folder, and it’s able to bypass User Account Control (UAC).
Image source: 360 Threat Intelligence Center
According to 360 Threat Intelligence Center, one of the first exploits of the WinRAR vulnerability to be delivered as an email attachment is the archive ModifiedVersion3.rar. The backdoor exploit is created by Microsoft Solutions Framework (MSF), and the malware, CMSTray.exe, is written to the Windows Startup folder if UAC is disabled.
In order to stop this exploit, WinRAR users, on Windows OS, are advised to upgrade their copy of WinRAR immediately. At the same time, update your virus definitions and avoid opening archived files from unknown sources.
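Because both exploits described above end with a file written to the Windows Startup folder, that folder is worth checking on any machine that ran a vulnerable WinRAR. The following is an added example, not code from the article or from the vendors it cites: it flags Startup entries that are executables or scripts rather than ordinary shortcuts. The folder locations are the standard per-user and all-users Startup paths, and the suffix list is an illustrative assumption.

```python
import os
from pathlib import Path

# Standard Startup folder location below %APPDATA% and %PROGRAMDATA%.
STARTUP_SUBPATH = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
# Illustrative (assumed) list of directly runnable file types.
RUNNABLE_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta"}


def startup_dirs(env=None):
    """Return the per-user and all-users Startup folders that exist."""
    env = os.environ if env is None else env
    found = []
    for var in ("APPDATA", "PROGRAMDATA"):
        base = env.get(var)
        if base and (Path(base) / STARTUP_SUBPATH).is_dir():
            found.append(Path(base) / STARTUP_SUBPATH)
    return found


def has_pe_magic(path):
    """True if the file begins with 'MZ', the magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def suspicious_startup_entries(folder):
    """List Startup files that are executables or scripts.

    Legitimate entries are normally .lnk shortcuts, so a raw executable
    (such as the CMSTray.exe named in the article) deserves a closer look.
    The header check also catches an executable given a harmless extension.
    """
    findings = []
    for entry in sorted(Path(folder).iterdir()):
        if not entry.is_file():
            continue
        pe = has_pe_magic(entry)
        runnable = entry.suffix.lower() in RUNNABLE_SUFFIXES
        if pe or runnable:
            findings.append({"name": entry.name, "pe_header": pe, "runnable_suffix": runnable})
    return findings


if __name__ == "__main__":
    for directory in startup_dirs():
        for finding in suspicious_startup_entries(directory):
            print(directory, finding)
```

An empty result does not prove the machine is clean; a hit only tells you which file to examine or submit for scanning.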
Source: McAfee, 360 Threat Intelligence Center, Check Point Software Technologies