Beware !! Hackers Exploiting WinRAR Vulnerability to Hack Windows Computer While User Extract the Content

Cyber Criminals launching a massive payload campaign that exploit the vulnerability that existed in the WinRAR compression tool to compromise the target Windows System.

Since the vulnerability has been already patched, attacker aiming to exploit and compromise the unpatched vulnerable systems.

Researchers from checkpoint recently discovered this 19-year-old Remote Code Execution bug vulnerability in WinRAR UNACEV2.DLL allows attackers to take complete control of the vulnerable windows machine.

WinRAR is worlds most popular Compression tool that used over 500 million users around the world.

The vulnerability(CVE-2018-20250) resides the unacev2.dll that used in handling the ACE archive extraction. The ACE file format compiled using WinACE.

Similarly, cyber criminals already launched First Malware Campaign that Exploits WinRAR ACE vulnerability on Feb 5, 2019.

Exploiting WinRAR UNACEV2.DLL Vulnerability

Initially, Threat actors compressed the exploit payload using WinRAR and distributing to victims with the name of “Ariana_Grande-thank_u,next(2019)[320].rar”.


Malformed Archive

In this case, once users open the compressed payload using unpatched & vulnerable WinRAR then the malicious payload is created in the Startup folder.


Extracted Malware payload

Along with the payload, researchers uncovered that the compressed file also contains non-malicious MP3 files which is one of the tactics attacker used to trick victims to drop the malicious payload.

According to McAfee research, “User Access Control (UAC) is bypassed after the payload gets executed, so no alert is displayed to the user. The next time the system restarts, the malware is run.”

Also, researchers uncovered over 100 unique payloads and still it’s counting, most of the sample primarily targeting the victims in U.S.

All the WinRAR users are advised to update the current patched version,
WinRAR 5.70 to avoid such attacks and also avoid to open the unknown files.

Training Course: Certified Cyber Threat Intelligence Analysts course that will introduce you to the 8 phases of advanced threat intelligence analysis.

Also Read:

Millions of Devices Found Running Outdated Versions of the Famous Softwares

Hackers Exploiting Adobe Flash Zero-Day that Launching via a Microsoft Office Document

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search…

1 day ago

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the…

1 day ago

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains, posing…

1 day ago

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware,…

1 day ago

RansomHub Ransomware Group Hits 84 Organizations as New Threat Actors Emerge

The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of…

1 day ago

Threat Actors Leverage Email Bombing to Evade Security Tools and Conceal Malicious Activity

Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious…

2 days ago