Why it matters: If you have WinRAR installed, make sure you’ve updated to the most recent version that patches a critical security vulnerability. Vulnerable versions are subject to malicious archive files that are booby trapped and now opportunistic hackers are using this attack vector to hit unknowingly vulnerable users before they can patch.

Download shortcut: WinRAR 5.70

Back in February, cybersecurity firm Check Point disclosed a vulnerability that’s existed in WinRAR for some 19 years. The potential attack vector was a result of WinRAR’s support for the outdated ACE archive format, whereby those with malicious intent could give an ACE file a .rar extension, and then use it as a booby trap to execute malicious code from a machine’s startup folder after a reboot.

Rarlab issued a patch and statement, but those who are not using the most recent version are still at risk.

Now, hackers are leveraging the exploit to reach vulnerable systems before users update. McAfee revealed they’ve identified “over 100 unique exploits and counting.” One particular implementation targets Ariana Grande fans looking to bootleg the artist’s popular album “Thank U, Next” by using a file named “Ariana_Grande-thank_u,_next(2019)_[320].rar” that is booby trapped with malicious code.

Other campaigns have been used to spread malware through the WinRAR exploit as well, as 360 Threat Intelligence Center has been documenting via Twitter.

WinRAR has an estimated 500 million users, most of which probably don’t know about this vulnerability and that creates a desirable attack surface. This attack is bound to gain more traction in the future, so please share with your friends and family if you know they have WinRAR installed and grab the most recent version of the software.





Source link

https://www.buyspyequipment.com/product/car-tracker-gps-tracking-pet-auto-real-time-monitor-mini-gps-wallet-track-micro-device-global-tool-voice-recording-tools/

LEAVE A REPLY

Please enter your comment!
Please enter your name here