
Update your copy of WinRAR now as hackers have begun to exploit its critical vulnerability

By Wong Chung Wee - on 18 Mar 2019, 3:00pm

Image source: Check Point Software Technologies

In February this year, researchers from Check Point Software Technologies uncovered a security flaw in WinRAR caused by an archaic dynamic link library (DLL) file that hasn’t been updated since 2005. RarLab, the company behind WinRAR, issued a patch and has advised WinRAR users to update to the latest version to close this vulnerability. Now, according to McAfee, there are “over 100 unique exploits and counting.”

Image source: McAfee

One of the latest exploits targets Ariana Grande fans by piggybacking on a bootlegged copy of Ariana Grande’s hit album “Thank U, Next”, with the file name “Ariana_Grande-thank_u,_next(2019)_[320].rar”. When a vulnerable copy of WinRAR is used to extract the file’s content, the malware is copied to the Windows Startup folder, and it is able to bypass User Account Control (UAC).

Image source: 360 Threat Intelligence Center

According to 360 Threat Intelligence Center, one of the first WinRAR vulnerability exploits to be delivered as an email attachment is the archive file ModifiedVersion3.rar. The backdoor exploit is created by Microsoft Solutions Framework (MSF), and the malware, CMSTray.exe, is written to the Windows Startup folder if UAC is disabled.

To stop this exploit, WinRAR users on Windows are advised to upgrade their copy of WinRAR immediately. At the same time, update your virus definitions and avoid opening archive files from unknown sources.
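
Both samples described above end up in the Windows Startup folder, so that folder is worth checking on any machine where a suspect archive was opened before WinRAR was patched. The script below is an added example, not code from the article or from the vendors it cites; the list of file extensions and the seven-day window are assumptions to tune for your environment.

```python
import os
from datetime import datetime, timedelta
from pathlib import Path

# File types that run directly at logon. Legitimate Startup entries are
# usually .lnk shortcuts, so these deserve a look (assumed list, tune as needed).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}


def default_startup_dirs():
    """Per-user and all-users Startup folders on Windows (empty list elsewhere)."""
    rel = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    bases = (os.environ.get("APPDATA"), os.environ.get("PROGRAMDATA"))
    return [Path(b) / rel for b in bases if b]


def audit_startup(dirs, since=None):
    """Return (path, modified, reasons) for Startup entries worth reviewing.

    An entry is reported if it is a directly executable file type, or if it
    was written at or after `since` (e.g. when a suspect archive was extracted).
    """
    findings = []
    for folder in dirs:
        folder = Path(folder)
        if not folder.is_dir():
            continue
        for entry in sorted(folder.iterdir()):
            if not entry.is_file() or entry.name.lower() == "desktop.ini":
                continue
            modified = datetime.fromtimestamp(entry.stat().st_mtime)
            reasons = []
            if entry.suffix.lower() in RISKY_EXTENSIONS:
                reasons.append("executable file type")
            if since is not None and modified >= since:
                reasons.append("written since cutoff")
            if reasons:
                findings.append((entry, modified, reasons))
    return findings


if __name__ == "__main__":
    cutoff = datetime.now() - timedelta(days=7)  # assumed review window
    for path, modified, reasons in audit_startup(default_startup_dirs(), cutoff):
        print(f"{modified:%Y-%m-%d %H:%M}  {path}  ({', '.join(reasons)})")
```

A hit is a prompt for review, not proof of compromise: compare the file against what the user knowingly installed and scan it with updated virus definitions.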

Source: McAfee, 360 Threat Intelligence Center, Check Point Software Technologies
