Attackers are exploiting the bug to drop persistent malware through generic trojans on systems running old versions of WinRAR.
Craig Schmugar, a researcher at the security firm McAfee, has identified that WinRAR, a world-famous and widely used Windows file compression application with 500 million users worldwide, has been plagued by a code execution vulnerability for the past nineteen years.
As a result, over 100 exploits have surfaced that target the vulnerability.
A majority of the targets are found to be located in the USA.
WinRAR doesn’t have an auto-update feature, which unfortunately leaves millions of its users exposed to cyber attacks.
The critical vulnerability (CVE-2018-20250) that was patched late last month by the WinRAR team with the release of WinRAR version 5.70 beta 1 impacts all prior versions of WinRAR released over the past 19 years.
For those unaware, the vulnerability is an “Absolute Path Traversal” bug that resides in UNACEV2.DLL, an old third-party library shipped with WinRAR. It allows attackers to have a compressed executable extracted from an ACE archive into one of the Windows Startup folders, where the malicious file automatically runs on the next reboot.
Therefore, to successfully exploit this vulnerability and take full control of a targeted computer, all an attacker needs to do is convince the user to open a maliciously crafted compressed archive file with WinRAR.
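As an added example (not code from the article, McAfee or the WinRAR project), here is the kind of entry-name validation an archive extractor or mail-gateway scanner can apply before writing any file: it refuses names that are absolute, drive- or UNC-rooted, contain a colon, or climb out of the destination via `..`, which is the class of name this bug let through. It uses Python's `ntpath` so Windows path rules apply on any host; the destination folder and entry names are constructed for the demonstration.

```python
import ntpath


def is_safe_archive_entry(dest_dir: str, entry_name: str) -> bool:
    """Accept an archive entry only if writing it under dest_dir cannot land
    outside dest_dir under Windows path rules (the check the vulnerable ACE
    code path effectively lacked)."""
    if not entry_name or "\x00" in entry_name:
        return False
    # A colon has no place in an entry name: it signals a drive letter,
    # an embedded "C:" component or an NTFS alternate data stream.
    if ":" in entry_name:
        return False
    drive, tail = ntpath.splitdrive(entry_name)
    # UNC (\\server\share) or root-relative (\foo) names are absolute too.
    if drive or tail.startswith(("\\", "/")):
        return False
    # Resolve '..' and '/' the way the extractor would, then compare
    # case-insensitively: the target must be strictly inside the base.
    base = ntpath.normcase(ntpath.normpath(dest_dir))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest_dir, entry_name)))
    return target != base and target.startswith(base.rstrip("\\") + "\\")


def partition_entries(dest_dir: str, entry_names):
    """Split entry names into those safe to extract and those to refuse."""
    accepted, rejected = [], []
    for name in entry_names:
        (accepted if is_safe_archive_entry(dest_dir, name) else rejected).append(name)
    return accepted, rejected


# Constructed sample: a user's download folder and the entry names of a
# hypothetical ACE archive, mixing benign files with traversal attempts.
DEST = r"C:\Users\victim\Downloads"
SAMPLE_ENTRIES = [
    r"docs\readme.txt",                                   # benign
    "a/b/../c.txt",                                       # benign after normalisation
    r"..\..\Start Menu\Programs\Startup\update.exe",      # relative traversal
    r"C:\Users\victim\AppData\Roaming\evil.exe",          # absolute path
    r"\Windows\evil.exe",                                 # root-relative
    r"\\server\share\evil.exe",                           # UNC path
    r"sub\..\..\evil.exe",                                # traversal inside a subdir
    "notes:hidden.txt",                                   # alternate data stream
]

if __name__ == "__main__":
    ok, bad = partition_entries(DEST, SAMPLE_ENTRIES)
    print("would extract:", ok)
    print("refused:      ", bad)
```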
Immediately after the details and proof-of-concept (PoC) exploit code went public, malicious attackers started exploiting the vulnerability in a malspam email campaign to install malware on users’ computers running the vulnerable version of the software.