
A zero-day vulnerability in WinRAR that was discovered last month is now being exploited by hackers. It allows them to install malware unnoticed on systems running an old version of the software.

All versions of WinRAR before 5.70 contain a flaw that allows hackers to bypass Windows' built-in security and secretly plant malware that is installed automatically the next time an affected system starts. Hackers are abusing a vulnerability that was only made public by Check Point last month, but has been present in all versions of the WinRAR software for fourteen years.

Many users

WinRAR is a popular tool for extracting compressed folders and files. About half a billion people use the software. The software's code has been vulnerable for years, but the vulnerability was only discovered at the end of February. WinRAR immediately released a new version of its software that fixes the problem, but users have to install it themselves. WinRAR does not update automatically, so many people still rely on an unsafe version of the software.

The vulnerability allows hackers to add invisible malware to a compressed zip file. A user who extracts the file will not notice anything strange. Hidden in the archive, however, is an otherwise invisible file, which can be malware. WinRAR can put that file in the Windows startup folder without User Account Control being aware of it. The next time the system is started, the malware will be installed automatically.
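
A defensive pre-extraction check for the behaviour described above, as an added example that is not from the article or from WinRAR: it lists zip entries whose stored path would land outside the chosen folder or in a Windows Startup folder. It assumes the hidden file reaches the Startup folder through its stored path, which the article does not spell out; the function names, sample archive and `C:\Users\alice` destination are constructed for illustration.

```python
import io
import ntpath
import zipfile

# Path fragment shared by the per-user and all-users Windows Startup folders.
STARTUP_MARKER = "\\start menu\\programs\\startup"


def audit_member(name, dest_root):
    """Return the reasons an entry name is suspicious (empty list if none)."""
    reasons = []
    win_name = name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(win_name)
    if drive or win_name.startswith("\\"):
        reasons.append("absolute path")
    # Where the entry would land if its stored name were honoured as written.
    target = ntpath.normpath(ntpath.join(dest_root, win_name)).lower()
    root = ntpath.normpath(dest_root).lower()
    if not (target + "\\").startswith(root + "\\"):
        reasons.append("escapes extraction folder")
    if STARTUP_MARKER in target:
        reasons.append("targets Startup folder")
    return reasons


def audit_archive(fileobj, dest_root):
    """Map each suspicious entry name in a zip archive to its reasons."""
    findings = {}
    with zipfile.ZipFile(fileobj) as zf:
        for name in zf.namelist():
            reasons = audit_member(name, dest_root)
            if reasons:
                findings[name] = reasons
    return findings


def build_sample_archive():
    """Constructed sample: two ordinary tracks and one entry with a crafted path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("album/01 - track.mp3", b"constructed placeholder")
        zf.writestr("album/02 - track.mp3", b"constructed placeholder")
        zf.writestr("../../AppData/Roaming/Microsoft/Windows/Start Menu/"
                    "Programs/Startup/updater.exe", b"constructed placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(audit_archive(build_sample_archive(), r"C:\Users\alice\Downloads\album"))
```

Only the entry names are inspected; nothing is extracted or executed.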

Active abuse

Since the vulnerability was announced, security company McAfee has already counted a hundred unique threats that take advantage of the problem. Illegal download channels are a favourite vector. An illegal copy of Ariana Grande's latest CD is circulating. If you download it, you can unpack the songs and listen to them, but in the background you may infect your own system. According to McAfee, the trojan horse that is installed in this way was not recognized by all antivirus programs.

The solution is simple: install the latest version of WinRAR, or choose an alternative. In addition, it is of course a good idea not to open archives whose origin you don't know.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.