Hackers actively exploit the vulnerability in WinRAR

Experts found more than one hundred exploits forWinRAR archiver vulnerabilities discovered in February and their number continues to grow. Cybercriminals are actively exploiting this “hole” in security.

A few days after it wasnews about the PoC-exploit bug was published, cyber security experts noticed the first malicious campaign. She implemented malware on user computers. Since that time, McAfee has identified more than one hundred exploits for this vulnerability.

This vulnerability allows to bypass the directory inlibrary UNACEV2.DLL. It is included with WinRAR and is used to unpack ACE-format files. Due to the identified hole, attackers can extract files from an archive into a folder they need, rather than the one selected by the user.

So, during one campaign by hackersThe pirated version of the album of singer Ariana Grande from America was distributed. Only 11 antiviruses recognize this copy as malware. The malicious RAR archive is called Ariana_Grande-thank_u, _next (2019) _ [320] .rar. It contains not only safe MP3 files, but also an executable malicious file saved in the startup folder and executed every time the system boots.

The developers have already released a corrected version.WinRAR version 5.70 beta 1. However, the vulnerability is still valuable to cybercriminals. After all, the update has not yet been downloaded by all users. According to experts, the main problem is that the archiver does not have an automatic update option. So users are advised to quickly install an updated version of WinRAR, and also not to open data obtained from unverified sources.