Wednesday, May 7, 2025
HomeComputer SecurityBeware !! Hackers Exploiting WinRAR Vulnerability to Hack Windows Computer While User...

Beware !! Hackers Exploiting WinRAR Vulnerability to Hack Windows Computer While User Extract the Content

Published on

SIEM as a Service

Follow Us on Google News

Cyber Criminals launching a massive payload campaign that exploit the vulnerability that existed in the WinRAR compression tool to compromise the target Windows System.

Since the vulnerability has been already patched, attacker aiming to exploit and compromise the unpatched vulnerable systems.

Researchers from checkpoint recently discovered this 19-year-old Remote Code Execution bug vulnerability in WinRAR UNACEV2.DLL allows attackers to take complete control of the vulnerable windows machine.

- Advertisement - Google News

WinRAR is worlds most popular Compression tool that used over 500 million users around the world.

The vulnerability(CVE-2018-20250) resides the unacev2.dll that used in handling the ACE archive extraction. The ACE file format compiled using WinACE.

Similarly, cyber criminals already launched First Malware Campaign that Exploits WinRAR ACE vulnerability on Feb 5, 2019.

Exploiting WinRAR UNACEV2.DLL Vulnerability

Initially, Threat actors compressed the exploit payload using WinRAR and distributing to victims with the name of “Ariana_Grande-thank_u,next(2019)[320].rar”.


Malformed Archive

In this case, once users open the compressed payload using unpatched & vulnerable WinRAR then the malicious payload is created in the Startup folder.


Extracted Malware payload 

Along with the payload, researchers uncovered that the compressed file also contains non-malicious MP3 files which is one of the tactics attacker used to trick victims to drop the malicious payload.

According to McAfee research, “User Access Control (UAC) is bypassed after the payload gets executed, so no alert is displayed to the user. The next time the system restarts, the malware is run.”

Also, researchers uncovered over 100 unique payloads and still it’s counting, most of the sample primarily targeting the victims in U.S.

All the WinRAR users are advised to update the current patched version,
WinRAR 5.70 to avoid such attacks and also avoid to open the unknown files.

Training Course: Certified Cyber Threat Intelligence Analysts course that will introduce you to the 8 phases of advanced threat intelligence analysis.

Also Read:

Millions of Devices Found Running Outdated Versions of the Famous Softwares

Hackers Exploiting Adobe Flash Zero-Day that Launching via a Microsoft Office Document

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay...

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Targeting Schools and Universities in New Mexico with Cyber Attacks

A major cyberattack on the Coweta County School System's computer network occurred late Friday night, which is a worrying development for New Mexico's educational institutions. The unauthorized intrusion, detected around 7:00 p.m., prompted immediate action from the school...

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...

Samsung MagicINFO 9 Server Vulnerability Actively Exploited in the Wild

A critical security vulnerability in the Samsung MagicINFO 9 Server has come under active...