Researchers have detected the first malspam campaign that delivers a malicious RAR archive to infect victim’s computer exploiting the WinRAR ACE vulnerability.
The 19-year-old vulnerability was disclosed by checkpoint security researchers last week, the vulnerability resides in the WinRAR UNACEV2.DLL library.
This vulnerability can be exploited by an attacker with specially crafted ACE archive and to extract the file in windows startup folder to gain the persistence and to get launched automatically once the user logged in to the computer.
360 Threat intelligence center detected a malspam campaign that delivers a malcious RAR archive by exploiting this vulnerability.The backdoor is generated MSF and it extracts to user’s startup folder.
Based on analysis the malware fails to execute due to lack of permissions if UAC is running in the machine, the extraction fails with the error “Access is denied” and “operation failed”.
Training Course: Certified Cyber Threat Intelligence Analysts course that we’ll introduce you to the 8 phases of threat intelligence.
If the UAC is disabled or the WinRAR running with the admin privileges then the malware will get extract to the user’s Startup folder C:\ProgramData\Microsoft\Windows\StartMenu\Programs\Startup\CMSTray.exe and it will execute with the user’s next login.
If you have not yet updated the WinRAR, it’s time to update with the latest version of the WinRAR(WinRAR 5.70 beta 1).
Several of Australia’s largest superannuation funds have been targeted in a coordinated cyberattack, leading to…
In a significant update to the popular dynamic instrumentation toolkit Frida, developers have introduced powerful…
OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability…
A critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching proxy…
Secure Ideas, a premier provider of penetration testing and security consulting services, proudly announces its…
Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券), a…