[ad_1]
That's what McAfee, a security specialist, has discovered. The 19-year undiscovered vulnerability can be found in unacev2.dll, which is used to decompress ACE archives.
The vulnerability discovered in February, which affects almost all versions of WinRAR released in the last 19 years, has become a target sought by many cybercriminals in the last month. This is the result of a survey conducted by McAfee security specialist. McAfee has discovered several campaigns in recent weeks in which cybercrime groups and possibly some domestic hackers have attempted to exploit the WinRAR vulnerability.
The vulnerability was publicly announced on February 20 by security researchers from the Check Point cybersecurity company. An attacker could use it to create ACE archives which, when unzipped with the WinRAR application, anchor malicious code in a computer system.
According to Check Point, attackers could use this vulnerability (CVE-2018-20250) to place malicious software in the Windows startup folder, where it will be automatically executed after each system reboot.
According to McAfee, this potential danger has now become a reality. A week after the announcement of the hole, groups of hackers began exploiting this vulnerability to place backdoor Trojans on users' computers.
The spam campaigns have continued and diversified to distribute various malware payloads, using a variety of baits, ranging from technical documents to celebrity bad images.
Malicious archives attempting to exploit the WinRAR flaw were also sent to South Korean government agencies the day before the second Donald Trump and Kim Jong-un summit, which was held in late February in Vietnam.
Although security researchers have not confirmed their links with government hacking groups, the timing and targeting is consistent with state piracy.
But this is not the only event in which political-themed spear-phishing campaigns have been recorded with the WinRAR exploit. There were at least two others, according to McAfee.
The first used a Ukrainian law topic to force victims to decompress a malicious archive exploiting the WinRAR bug. And then, there was a second campaign that targeted users in the Middle East with a lure about the UN and human rights.
Both attacks are highly targeted and most likely is the work of the intelligence services of cyber espionage.
But even private users are targeted by cybercriminals. According to McAfee, a campaign uses the popularity of American actress and singer Ariana Grande as bait to get users to open an infected archive. In total, McAfee recorded "100 unique exploits and accounts" that used the WinRAR vulnerability to infect users.
Overall, these attacks will inevitably continue because WinRAR is an ideal attack surface. The application has more than 500 million users, most of whom probably use an outdated version affected by this vulnerability.
WinRAR and other relevant programs
WinRAR version 5.70 or higher is protected against the 19-year-old chess point. With version 5.70, ACE support for the unacev2.dll program library contains the vulnerability has been interrupted.
Users who do not wish to update can also simply delete the unacev2.dll DLL in question from the WinRAR program directory. This eliminates the risk of catching malicious code by manipulating ACE archives. Users of other programs, such as Total Commander, who use unacev2.dll are also affected by this vulnerability. The newly released 9.22 is protected against this vulnerability. This also applies only to the 32-bit version.
Source link