Thursday, April 18, 2024

Beware !! Hackers Exploiting WinRAR Vulnerability to Hack Windows Computer While User Extract the Content

By Balaji

Cyber Criminals launching a massive payload campaign that exploit the vulnerability that existed in the WinRAR compression tool to compromise the target Windows System.

Since the vulnerability has been already patched, attacker aiming to exploit and compromise the unpatched vulnerable systems.

Researchers from checkpoint recently discovered this 19-year-old Remote Code Execution bug vulnerability in WinRAR UNACEV2.DLL allows attackers to take complete control of the vulnerable windows machine.

WinRAR is worlds most popular Compression tool that used over 500 million users around the world.

The vulnerability(CVE-2018-20250) resides the unacev2.dll that used in handling the ACE archive extraction. The ACE file format compiled using WinACE.

Similarly, cyber criminals already launched First Malware Campaign that Exploits WinRAR ACE vulnerability on Feb 5, 2019.

Exploiting WinRAR UNACEV2.DLL Vulnerability

Initially, Threat actors compressed the exploit payload using WinRAR and distributing to victims with the name of “Ariana_Grande-thank_u,next(2019)[320].rar”.


Malformed Archive

In this case, once users open the compressed payload using unpatched & vulnerable WinRAR then the malicious payload is created in the Startup folder.


Extracted Malware payload 

Along with the payload, researchers uncovered that the compressed file also contains non-malicious MP3 files which is one of the tactics attacker used to trick victims to drop the malicious payload.

According to McAfee research, “User Access Control (UAC) is bypassed after the payload gets executed, so no alert is displayed to the user. The next time the system restarts, the malware is run.”

Also, researchers uncovered over 100 unique payloads and still it’s counting, most of the sample primarily targeting the victims in U.S.

All the WinRAR users are advised to update the current patched version,
WinRAR 5.70 to avoid such attacks and also avoid to open the unknown files.

Training Course: Certified Cyber Threat Intelligence Analysts course that will introduce you to the 8 phases of advanced threat intelligence analysis.

Also Read:

Millions of Devices Found Running Outdated Versions of the Famous Softwares

Hackers Exploiting Adobe Flash Zero-Day that Launching via a Microsoft Office Document

Managed WAF Protection

Website

Latest articles

Cyber Attack

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a...
cyber security

Cerber Linux Ransomware Exploits Atlassian Servers to Take Full Control

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber...
CVE/vulnerability

FGVulDet – New Vulnerability Detector to Analyze Source Code

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent...
Cyber Crime

North Korean Hackers Abuse DMARC To Legitimize Their Emails

DMARC is targeted by hackers as this serves to act as a preventative measure...
Cyber Security News

L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the...
Computer Security

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...
cyber security

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.The...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]