Hackers Use WinRAR to Spread Malware Infections

Posted on February 28, 2019 at 1:40 PM

Hackers Use WinRAR to Spread Malware Infections

A Chinese web security company revealed evidence about hackers’ attack via malware in WinRAR. WinRAR appears to have weaknesses that allow hackers to plant archives that infect user with malware. These findings could have enormous consequences knowing that WinRAR claims to have about half of billion users.

WinRAR is a well-known file archiving software that works with numerous extensions of compressed archives.

A Chinese company Qihoo 360 recently provided evidence that the hackers have been able to use a certain weakness in WinRAR software to infect a personal computer with malicious content. Qihoo 360 has published a few samples of corrupted archives. They noted that the hackers sent one of them in an email. Two days before, a web security company CheckPoint reported the same WinRAR flaws.

The corrupted archives contained interesting files

In their report, Qihoo 360 explained that one of the infected archive files was packed with pictures of an attractive woman. That was a way to get the users to extract the corrupted library and release malware into their computer. At first glance, the archive seemed normal. Hackers tuned the archive in to take advantage of the WinRAR vulnerability and extract files to a different destination.

When users extract the infected archive, the archive places a malicious file to the Startup Folder of the computer. That malicious file is actually a malware executable that activates on the next Startup. When the user turns on the computer next time, the startup activates the malware and reconstruct a hidden backdoor. A hacker could use that backdoor to install more malware and hijack the device with all the personal information and data.

Qihoo 360 also reported a special archive intended for the users from the middle eastern countries. The archive contains an advertisement for a job in Saudi Arabia. When the user extracts the file, it places a malware in the Startup folder that recreates a backdoor built on PowerShell.

Users need to install the patch by themselves

The developers made a patch for this exact WinRAR weakness. It has become available for beta release since last month. Users have to download and install the patch by themselves. The newest WinRAR release is available for download since yesterday.

It’s important to have antivirus software because it could prevent issues such as this one. Qihoo 360 uploaded one of the infected archives to VirusTotal to test how many antivirus software recognize content as malicious. It turned out that 24/56 antivirus programs detect this type of malicious content. Microsoft’s antivirus is among them.

Summary
Hackers Use WinRAR to Spread Malware Infections
Article Name
Hackers Use WinRAR to Spread Malware Infections
Description
A Chinese web security company revealed evidence about hackers’ attack via malware in WinRAR. WinRAR appears to have weaknesses that allow hackers to plant archives that infect user with malware. These findings could have enormous consequences knowing that WinRAR claims to have about half of billion users.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading