“100 unique exploits and counting”: Hackers begin exploiting WinRAR critical vulnerability

Why it matters: If you have WinRAR installed, make sure you’ve updated to the most recent version that patches a critical security vulnerability. Vulnerable versions are subject to malicious archive files that are booby trapped and now opportunistic hackers are using this attack vector to hit unknowingly vulnerable users before they can patch.

Download shortcut: WinRAR 5.70

Back in February, cybersecurity firm Check Point disclosed a vulnerability that’s existed in WinRAR for some 19 years. The potential attack vector was a result of WinRAR’s support for the outdated ACE archive format, whereby those with malicious intent could give an ACE file a .rar extension, and then use it as a booby trap to execute malicious code from a machine’s startup folder after a reboot.

Rarlab issued a patch and statement, but those who are not using the most recent version are still at risk.

Now, hackers are leveraging the exploit to reach vulnerable systems before users update. McAfee revealed they’ve identified “over 100 unique exploits and counting.” One particular implementation targets Ariana Grande fans looking to bootleg the artist’s popular album “Thank U, Next” by using a file named “Ariana_Grande-thank_u,_next(2019)_[320].rar” that is booby trapped with malicious code.

"100 unique exploits and counting": Hackers begin exploiting WinRAR critical vulnerability 1

Other campaigns have been used to spread malware through the WinRAR exploit as well, as 360 Threat Intelligence Center has been documenting via Twitter.

WinRAR has an estimated 500 million users, most of which probably don’t know about this vulnerability and that creates a desirable attack surface. This attack is bound to gain more traction in the future, so please share with your friends and family if you know they have WinRAR installed and grab the most recent version of the software.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

What Are E-stablecoins And How Do They Operate?
What Are E-Stablecoins And How Do They Operate?
August 11, 2022
How to Choose a Legit Crypto Casino?
August 5, 2022
Spend Crypto
5 Ways to Spend Crypto
August 2, 2022
What Is A DAO LLC?
What Is A DAO LLC?
August 2, 2022
Can Running A Lightning Node Earn You Passive Income?
Can Running A Lightning Node Earn You Passive Income?
July 5, 2022

CryptoCurrencyUSDChange 1hChange 24hChange 7d
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
USD Coin1.000 0.44 % 0.25 % 0.18 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
Solana42.12 0.56 % 2.22 % 3.81 %
? --- 0.00 % 0.00 %

Bitcoin (BTC) $ 23,867.00
Ethereum (ETH) $ 1,869.82
Tether (USDT) $ 1.01
USD Coin (USDC) $ 1.00
BNB (BNB) $ 314.56
Cardano (ADA) $ 0.559979
XRP (XRP) $ 0.374339
Binance USD (BUSD) $ 1.00
Solana (SOL) $ 42.95
Dogecoin (DOGE) $ 0.084779