Posted on March 15, 2019 at 3:12 PM
Hackers exploited a WinRAR code-execution vulnerability to install malware.
Hackers have had a field day recently. Users of WinRAR were hit by malware that exploits a 19-year-old flaw in the program. Many people use WinRAR to compress files from many sources, and reported figures put its user base at up to 500 million people. This code-execution vulnerability exposed them to malware as soon as the criminals got wind of it. The unfortunate part of the discovery is that many antivirus products on the market are not detecting the malware.
As soon as Check Point Research disclosed the flaw in February, the reaction was far-reaching. Many people got wind of it, and among them were online miscreants who will use any opportunity to strike. The hackers designed the malware to infect any device running a version of WinRAR released in the past 19 years. Once a user opens a malicious Zip file with any of these versions, the malware attacks the device immediately.
What the McAfee researcher says
According to a researcher at McAfee, the discoveries since Check Point's announcement have been alarming. In the first week following the announcement, the firm had already identified 100 exploits, and the list is still growing. From that list, the hackers targeted users in the United States more than anywhere else.
In a blog post, Craig Schmugar, a Research Architect at McAfee, gave one example of the malware attack. He wrote: “One such piggyback they discovered recently is a copy of the hit album from Ariana Grande, “Thank U, Next”, using the file name ‘Ariana_Grande-thank_u,_next(2019)_.rar’.” According to him, if a user extracts the contents of the archive with a vulnerable WinRAR version, the malware attacks: without the user's knowledge, it creates a malicious payload in their Startup folder. Because it bypasses User Account Control, the user gets no alert about the infiltration. The payload lies in wait, and once the user restarts the system, it runs.
Screenshot evidence reveals more
To show how the malware operates, the researcher included screenshots in his post. They show the archive extracting harmless-looking MP3 files to the device's download folder, but this is cover for the real harm to the system. Out of the user's sight, a “hi.exe” file also lands in the Startup folder, and that is where the danger lies: this file installs an unidentified Trojan once the user reboots the computer. According to the Google-owned VirusTotal service, only 9 AV providers detected the malware.
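The screenshots described above show the decoy MP3s landing in the download folder while hi.exe lands in the Startup folder. As an added example (not code from the article, McAfee or WinRAR), the Python below checks archive entry names before extraction for paths that would resolve outside the chosen destination; it assumes that is how such a payload reaches the Startup folder (the article does not describe the internals) and uses ZIP, which Python reads natively, with a constructed sample archive.

```python
import io
import zipfile
from typing import List


def entry_escapes(name: str) -> bool:
    """True if an archive entry name would be written outside the
    directory the user extracts into: an absolute path, a drive-letter
    path, or a '..' sequence that climbs above the destination."""
    unified = name.replace("\\", "/")          # treat '\' and '/' alike
    if unified.startswith("/"):                # /x or //server/share/x
        return True
    if len(unified) > 1 and unified[0].isalpha() and unified[1] == ":":
        return True                            # C:/... style path
    depth = 0
    for part in unified.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:                      # climbed above destination
                return True
        else:
            depth += 1
    return False


def unsafe_entries(archive_bytes: bytes) -> List[str]:
    """Names in a ZIP archive that fail entry_escapes(); an empty list
    means every entry stays inside the extraction directory."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [name for name in zf.namelist() if entry_escapes(name)]


def build_sample() -> bytes:
    """Constructed sample archive for this demo (not the file from the
    article): two decoy tracks plus hypothetical entries aimed at the
    per-user Startup folder and at an absolute path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Ariana_Grande-thank_u,_next(2019)/01.mp3", b"decoy")
        zf.writestr("Ariana_Grande-thank_u,_next(2019)/02.mp3", b"decoy")
        # hypothetical climb from a Downloads folder into the Startup folder
        zf.writestr("../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/hi.exe", b"placeholder")
        zf.writestr("C:\\Users\\Public\\hi.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_entries(build_sample()):
        print("would escape extraction directory:", name)
```

Python's own `zipfile.extractall` discards drive letters and `..` components when extracting, so this check matters for archivers and formats that do not; a clean result from it says nothing about what the extracted files themselves do.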
However, the McAfee researcher did not say whether all one hundred exploits they discovered install this malware. A further search of the Web shows that another suspicious RAR file claiming to contain the Ariana Grande album is circulating online. It is currently being shared on Twitter, and people should check it carefully before downloading it. More generally, don't download files you find online without checking them properly.
To avoid this malware attack, make sure you are running WinRAR version 5.70. Another option is 7-Zip. Remember that older versions are vulnerable right now and can give hackers access to your computer.