On February 20, Check Point, an Israeli cybersecurity firm, revealed its discovery of a critical security flaw in WinRAR. Most seriously, the vulnerability has been present in the application for 19 years. Those responsible for the finding warned that attackers could exploit the problem to install malicious software on computers, and that is what happened.
In recent weeks there have been a number of reports of cybercriminals using WinRAR to execute malicious code on computers. Their process is as follows. First, they run a spam email campaign to distribute an ACE file, using adult images as a lure to increase their chances of success.
If the user downloads and decompresses it, files containing malicious software are automatically placed in the Windows Startup folder, where they wait for the computer to restart in order to run. This was the most common case, although other attackers preferred to move the files to other locations with different goals.
Analysis report: https://t.co/LEcRPqP0cT
Chinese version: https://t.co/wbDCdZl1YV pic.twitter.com/8cjieD1xVJ
– 360 Threat Intelligence Center (@360TIC) February 27,
The flaw is in WinRAR's UNACEV2.DLL library, which is used to decompress ACE files. The application's developers did not have access to the library's source code, so they have not been able to update it since 2005. The solution was to remove ACE support and release version 5.70 Beta 1 without the flaw. However, users must visit the application's website and update manually.
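A triage check for the delivery pattern described above, as an added example that is not from the original article or from WinRAR: it recognises ACE content by its header magic whatever extension the attachment carries, and flags stored member paths that name a Startup folder or leave the extraction directory. The header layout follows the public ACE format description and is an assumption here, as are all function names and the constructed sample.

```python
import struct

ACE_MAGIC = b"**ACE**"                    # at offset 7 of the main header
HDR_FILE, FLAG_ADDSIZE, FLAG_64BIT = 1, 0x0001, 0x0004

def is_ace(data):                         # content check, extension ignored
    return data[7:14] == ACE_MAGIC

def member_names(data):
    """Walk the header chain and return the stored path of each file member."""
    names, pos = [], 0
    while pos + 7 <= len(data):
        _crc, size, htype, flags = struct.unpack_from("<HHBH", data, pos)
        body, end = pos + 7, pos + 4 + size   # size counts from the type byte
        if size < 3 or end > len(data):
            break                             # truncated or corrupt header
        packed = 0
        if htype == HDR_FILE:
            wide = bool(flags & FLAG_64BIT)   # 64-bit packed/original sizes
            # name follows sizes, time, attributes, CRC32, tech info, reserved
            at = body + (16 if wide else 8) + 18
            if at + 2 > end:
                break
            packed = struct.unpack_from("<Q" if wide else "<I", data, body)[0]
            (nlen,) = struct.unpack_from("<H", data, at)
            names.append(data[at + 2:min(at + 2 + nlen, end)].decode("latin-1"))
        elif flags & FLAG_ADDSIZE and body + 4 <= end:
            packed = struct.unpack_from("<I", data, body)[0]
        pos = end + packed                    # member data follows its header
    return names

def is_suspicious(name):
    """Flag stored paths that leave the extraction folder or name Startup."""
    parts = name.replace("/", "\\").lower().split("\\")
    return ".." in parts or parts[0] == "" or ":" in name or "startup" in parts

def triage(data):
    return [n for n in member_names(data) if is_suspicious(n)] if is_ace(data) else []

def _header(htype, flags, body):              # builds the constructed sample only
    payload = struct.pack("<BH", htype, flags) + body
    return struct.pack("<HH", 0, len(payload)) + payload   # CRC left as zero

def _member(name):
    fixed = struct.pack("<IIIIIIHH", 0, 0, 0, 0, 0, 0, 0, len(name))
    return _header(HDR_FILE, FLAG_ADDSIZE, fixed + name.encode("latin-1"))

# Constructed sample: headers only, no compressed data, not an extractable archive.
SAMPLE = (_header(0, 0, ACE_MAGIC + bytes(17))
          + _member("docs\\readme.txt")
          + _member("Start Menu\\Programs\\Startup\\sample.exe"))
```

Calling `triage()` on the raw bytes of an attachment returns the member paths to review; an empty list means the file is not ACE or holds nothing flagged.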
Of the 500 million people who use WinRAR, few are aware of the situation, leaving the vast majority exposed. McAfee, a company specializing in computer security, has identified more than 100 exploits trying to take advantage of the file compressor's flaw. Of course, this figure continues to grow with each passing day. This gives an idea of the scale of the matter and of attackers' interest in exploiting the vulnerability.
The situation has raised alarms in certain governments. Some ACE files were sent to government institutions in South Korea shortly before the summit between Donald Trump and Kim Jong-Un in Vietnam. In Ukraine, the file was shared using a law passed in the country as a decoy. The Middle East is experiencing something similar, but with a spam campaign criticizing the UN and human rights. Unfortunately, the problem is far from being solved.
WinRAR exploit (#CVE2011-2020) The sample (consolidated countries) appears to be directed to the Middle East, embedded in the bait documents relating to the UN and human rights #UN In Arabic, it finally takes off and performs #Revenge RAT. https://t.co/WJ4oJ1UxAz pic.twitter.com/fgHYSD4Mk5
– 360 Threat Intelligence Center (@360TIC) March 12, 2019