WinRAR exploit (#CVE-2018-20250) sample (united nations). 360 Threat Intelligence Center, February 27, 2019

The used vulnerable RAR VK archive

Why it matters: If you have WinRAR installed, make sure you've updated to the most recent version that patches a critical security vulnerability. Vulnerable versions are subject to malicious archive files that are booby trapped, and now opportunistic hackers are using this attack vector to hit unknowingly vulnerable users before they can patch.

Back in February, cybersecurity firm Check Point disclosed a vulnerability that's existed in WinRAR for some 19 years. The potential attack vector was a result of WinRAR's support for the outdated ACE archive format, whereby those with malicious intent could give an ACE file a .rar extension, and then use it as a booby trap to execute malicious code from a machine's startup folder after a reboot.

Rarlab issued a patch and statement, but those who are not using the most recent version are still at risk. Now, hackers are leveraging the exploit to reach vulnerable systems before users update. McAfee revealed they've identified "over 100 unique exploits and counting." One particular implementation targets Ariana Grande fans looking to bootleg the artist's popular album "Thank U, Next" by using a file named "Ariana_Grande-thank_u,_next(2019)_.rar" that is booby trapped with malicious code.

Other campaigns have been used to spread malware through the WinRAR exploit as well, as 360 Threat Intelligence Center has been documenting via Twitter:

"Warning! Upgrades in the #WinRAR vulnerability (#CVE-2018-20250) exploit, use social engineering to lure victims with embedded image files and encrypt the malicious ACE archive before delivering. Chinese version: /8cjieD1xVJ" (360 Threat Intelligence Center, February 25, 2019)

"Possibly the first malware delivered through mail to exploit WinRAR vulnerability. The backdoor is generated by MSF and written to the global startup folder by WinRAR if UAC is turned off." (360 Threat Intelligence Center)
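The two defensive checks that follow from the article's description, as an added example (this is not code from the article, from Check Point, McAfee, Rarlab or 360 Threat Intelligence Center): first, flagging a file named .rar whose bytes are actually an ACE archive, the disguise the article describes; second, refusing any archive member name that would resolve outside the extraction directory, which is how a crafted archive can land a file in a Startup folder. The ACE signature "**ACE**" at byte offset 7 and the "Rar!\x1a\x07" RAR magic are documented format constants; every sample file, member name and directory below is constructed for illustration.

```python
"""
Added example, not code from the article or from the researchers it quotes.
Two defender-side checks for the WinRAR/ACE issue the article describes:

1. extension_mismatch(): flag a file named .rar whose contents are actually
   an ACE archive.  ACE archives carry the ASCII signature "**ACE**" at byte
   offset 7 of the main header; RAR archives begin with "Rar!\x1a\x07".
2. is_safe_extract_path(): reject an archive member name that would land
   outside the extraction directory (absolute path, drive prefix, ".."),
   which is how a crafted archive can drop a file into a Startup folder.

All sample files, member names and directories below are constructed.
"""
import ntpath
import os

ACE_SIGNATURE = b"**ACE**"
ACE_SIGNATURE_OFFSET = 7
RAR_MAGIC = b"Rar!\x1a\x07"


def sniff_archive_format(data: bytes) -> str:
    """Return 'rar', 'ace' or 'unknown' from the first bytes of a file."""
    if data.startswith(RAR_MAGIC):
        return "rar"
    end = ACE_SIGNATURE_OFFSET + len(ACE_SIGNATURE)
    if data[ACE_SIGNATURE_OFFSET:end] == ACE_SIGNATURE:
        return "ace"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a file named *.rar is really an ACE archive."""
    ext = os.path.splitext(filename)[1].lower()
    return ext == ".rar" and sniff_archive_format(data) == "ace"


def is_safe_extract_path(extract_dir: str, member_name: str) -> bool:
    """
    Windows-style containment check.  extract_dir must be an absolute
    Windows path; member_name is the name stored in the archive.  Both '/'
    and '\\' are treated as separators, as an extractor would.  ntpath is
    used so the check behaves identically on any host OS.
    """
    name = member_name.replace("/", "\\")
    # An absolute path or a drive/UNC prefix can never stay inside extract_dir.
    if ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        return False
    base = ntpath.normpath(extract_dir)
    target = ntpath.normpath(ntpath.join(base, name))
    # normpath has resolved any ".." components; the result must still sit
    # under base (compared case-insensitively, as NTFS does).
    base_l, target_l = base.lower(), target.lower()
    return target_l == base_l or target_l.startswith(base_l + "\\")


# --- constructed samples (hypothetical names and bytes) -------------------
SAMPLE_FILES = {
    # A RAR archive: magic only, remainder zeroed.
    "report.rar": RAR_MAGIC + b"\x00" * 10,
    # An ACE main header: CRC16, header size, type, flags, then "**ACE**".
    "invoice.rar": b"\x11\x22\x30\x00\x00\x00\x00" + ACE_SIGNATURE + b"\x00" * 8,
    # Not an archive at all.
    "notes.txt": b"just text",
}

EXTRACT_DIR = r"C:\Users\victim\Downloads"
SAMPLE_MEMBERS = [
    r"docs\readme.txt",
    r"..\..\..\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    "images/photo.jpg",
]


def triage() -> dict:
    """Run both checks over the constructed samples and return the findings."""
    return {
        "disguised_ace": [n for n, d in SAMPLE_FILES.items() if extension_mismatch(n, d)],
        "unsafe_members": [m for m in SAMPLE_MEMBERS if not is_safe_extract_path(EXTRACT_DIR, m)],
    }


if __name__ == "__main__":
    for key, items in triage().items():
        print(key)
        for item in items:
            print("  ", item)
```

The containment check is done with `ntpath` on purpose: the archive member names are Windows paths regardless of where the scanner runs, and `normpath` collapses the `..` sequences before the prefix comparison, so a name that climbs out of the download directory is rejected whether it uses `\` or `/` separators. The format sniff is a cheap triage signal for mail gateways or EDR: a `.rar` attachment that opens with an ACE header matches exactly the disguise the article describes and deserves a closer look.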