
Using the bug, hackers are desperately dropping persistent malware through a generic trojan on systems running an old version of WinRar.

by Cyber360 News
November 11, 2019
in Malware

Craig Schmugar, a researcher at security firm McAfee, has reported that WinRar, the world-famous and commonly used compression software, has been plagued by a code execution vulnerability for the past nineteen years. As a result, over 100 exploits that target the vulnerability have surfaced. A majority of the targets are located in the USA.

The flaw in the software, which is used by 500 million users around the globe, was identified only recently by Check Point Research, and it immediately made headlines because of the sheer length of time it has plagued the software. It has been observed that attackers can infect devices with persistent malware and malicious applications that most antivirus products cannot detect.

The infection gets activated as soon as the user opens a compressed ZIP file on the PC, and this holds for all versions of WinRar released in the past nineteen years. Through the absolute path traversal method, the archived files are extracted to any folder that the archive's creator selects, such as the Windows startup folder, and no warning notification is generated.

Hackers are using 19-year-old WinRar bug to install nasty malware

That’s where the malware comes into action: it runs the next time the victim reboots the device. After the computer is rebooted, a random, generic Trojan is installed that can only be identified by 9 antivirus products, as per VirusTotal.
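The absolute path traversal described above can be caught by inspecting an archive's listing before anything is extracted. The following is an added example, not code from the article, McAfee or Check Point: it flags member names that would land outside the chosen folder or inside a Windows Startup folder. The function names, destination path and sample listing are constructed for illustration, and `audit_zip` reads ZIP listings only.

```python
import ntpath
import zipfile

# Path fragment shared by the per-user and all-users Windows Startup folders.
STARTUP_FRAGMENT = "\\start menu\\programs\\startup"


def classify_member(name, dest):
    """Return the reasons why extracting `name` under `dest` would be unsafe."""
    reasons = []
    win_name = name.replace("/", "\\")
    drive, tail = ntpath.splitdrive(win_name)
    if drive:
        reasons.append("drive-or-unc-prefix")
    if tail.startswith("\\"):
        reasons.append("absolute-path")
    # Resolve the write target with Windows rules (ntpath works on any host OS).
    root = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, win_name)))
    if target != root and not target.startswith(root.rstrip("\\") + "\\"):
        reasons.append("escapes-destination")
    if STARTUP_FRAGMENT in target:
        reasons.append("targets-startup-folder")
    return reasons


def audit_names(names, dest):
    """Map each unsafe member name to its reasons; safe names are omitted."""
    checked = ((n, classify_member(n, dest)) for n in names)
    return {n: r for n, r in checked if r}


def audit_zip(archive, dest):
    """Audit a ZIP (path or file object) from its listing, without extracting."""
    with zipfile.ZipFile(archive) as zf:
        return audit_names(zf.namelist(), dest)


# Constructed sample listing, not taken from any real archive.
DEST = "C:\\Users\\alice\\Downloads\\album"
SAMPLE = [
    "01 - track.mp3",
    "covers/front.jpg",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe",
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\updater.exe",
]

if __name__ == "__main__":
    print(audit_names(SAMPLE, DEST))
```

An empty result means every member resolves inside the destination folder; any flagged entry is a reason to leave the archive unextracted.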

Schmugar explained the working of the exploit in a blog post along with screenshots of how the attack takes place:

“One recent example piggybacks on a bootlegged copy of Ariana Grande’s hit album Thank U, Next with a file name of ‘Ariana_Grande-thank_u,_next(2019)_[320].rar,’. When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious payload is created in the Startup folder behind the scenes. User Access Control (UAC) is bypassed, so no alert is displayed to the user. The next time the system restarts, the malware is run.”

Schmugar also revealed that not all of the 100 exploits installed the same malware.

The Ariana Grande RAR file is circulating on numerous BitTorrent services and Twitter with the exact same title that Schmugar identified. If you see such a file offered for download, ignore it, and make sure to use WinRar version 5.70 only, because that’s the only version not vulnerable to the attacks. Alternatively, you can start using 7zip.

“While a patched version, 5.70, was released on 26 February, attackers are releasing exploits in an effort to reach vulnerable systems before they can be patched,” Schmugar explained.
