Cyber-Criminals Using WinRAR Vulnerability to Carry Out Malicious Activities

WinRAR has released many versions over the last 19 years, but a recently disclosed vulnerability in the software is now being exploited by cyber-criminals against large numbers of users.

Cyber-criminal groups, as well as a few nation-state hackers, are distributing malware to users' devices by exploiting a WinRAR vulnerability.

Check Point, a cyber-security firm based in Israel, disclosed the vulnerability in February. The attacker creates a booby-trapped archive; when a user unpacks it with the WinRAR app, the archive drops malicious files onto the device.

Check Point's researchers predicted that attackers would use this vulnerability, CVE-2018-20250, to place malware in the Windows Startup folder, where it is executed whenever the system is rebooted.
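The failure mode described above is an archive whose member names resolve outside the folder the user chose, and in the worst case into a Startup folder. The following is an added illustration, not code from Check Point, McAfee or WinRAR: given a list of member names from an archive listing (assumed to be obtained by whatever tool lists the archive; the ACE format itself is not parsed here) and the intended extraction root, it resolves each name with Windows path rules and flags entries that would land outside the root, noting when the destination is a Startup folder. The sample listing and paths are constructed for the example.

```python
import ntpath
from dataclasses import dataclass
from typing import List

# Windows Startup folder locations, lower-cased for case-insensitive matching.
# Anything written here is launched at the next logon, which is why the
# Startup folder is the natural target for a path-traversal drop.
STARTUP_MARKERS = (
    r"\microsoft\windows\start menu\programs\startup",             # per-user (under AppData\Roaming)
    r"\programdata\microsoft\windows\start menu\programs\startup", # all users
)


@dataclass
class Verdict:
    member: str     # member name exactly as it appears in the archive listing
    resolved: str   # where the member would be written on disk
    safe: bool      # True only if the destination stays under the extraction root
    reason: str


def resolve_member(member: str, extract_root: str) -> Verdict:
    """Resolve one archive member name against the extraction root using
    Windows path semantics (ntpath works the same on any host OS)."""
    root = ntpath.normpath(extract_root)
    name = member.replace("/", "\\")  # Windows treats '/' as a separator too

    # A drive letter, UNC prefix or rooted path ignores the extraction root outright.
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith("\\"):
        return Verdict(member, ntpath.normpath(name), False,
                       "absolute path or drive prefix")

    # Join and normalise: '..' components are collapsed, so a name such as
    # '..\\..\\x' resolves to a location above the root.
    resolved = ntpath.normpath(ntpath.join(root, name))
    root_l, resolved_l = root.lower(), resolved.lower()
    inside = resolved_l == root_l or resolved_l.startswith(root_l + "\\")
    if inside:
        return Verdict(member, resolved, True, "contained in extraction root")

    reason = "escapes extraction root"
    if any(marker in resolved_l for marker in STARTUP_MARKERS):
        reason += " into a Startup folder (runs at next logon)"
    return Verdict(member, resolved, False, reason)


def unsafe_members(members: List[str], extract_root: str) -> List[Verdict]:
    """Return the verdicts for every member that would not stay under the root."""
    verdicts = (resolve_member(m, extract_root) for m in members if m)
    return [v for v in verdicts if not v.safe]


if __name__ == "__main__":
    # Constructed archive listing: one benign file, one harmless '..' that
    # stays inside the root, and two entries that escape it.
    listing = [
        "report.pdf",
        "docs/../notes.txt",
        "..\\..\\..\\..\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dropper.exe",
        "C:\\Windows\\Temp\\payload.exe",
    ]
    for v in unsafe_members(listing, r"C:\Users\victim\Downloads"):
        print(f"BLOCK {v.member!r} -> {v.resolved} ({v.reason})")
```

The check is deliberately done on the resolved destination rather than on the presence of `..` in the name, so a name like `docs/../notes.txt` that never leaves the root is not flagged, while an absolute path with no `..` at all still is.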

A week later this was confirmed when hackers planted backdoor trojans on users' devices by exploiting the WinRAR vulnerability.

Many other spam campaigns followed, with hackers using different lures, including technical documents and adult images, to distribute various other types of malware.

At the end of February, a day before the summit between Donald Trump and Kim Jong-un in Vietnam, such malicious archives were also sent to South Korean government agencies.

There have been two other incidents in which the WinRAR vulnerability was exploited in politically themed phishing campaigns. In the first, Ukrainian legal themes were used to lure victims into unpacking the malicious archive with WinRAR.

In the second, users in the Middle East were targeted with a lure about the United Nations and human rights. These are considered serious attacks and appear to have been carried out by intelligence services engaged in cyber-espionage.

McAfee, a US-based cyber-security firm, gave updates on these malicious campaigns in its report; one of them used an Ariana Grande lure to trick users into opening the booby-trapped archives and placing malicious files on the system. The company said it had spotted 100 unique exploits used against WinRAR users.

[Image caption] This folder tricks users into opening booby-trapped archives that plant malware on their systems.

WinRAR has around 500 million users, most of whom run outdated versions, giving attackers an ideal platform for malicious activity.

In January, WinRAR 5.70 Beta 1 was released, and the company later announced 5.70 Beta 2 to address the vulnerability; users must update manually by downloading the app from the website and installing it. Unfortunately, many are unaware of the vulnerability and therefore of the latest update.

Featured photo: Traffic Analyzer / Getty Images