[ad_1]
A code execution vulnerability in WinRAR generated more than a hundred distinct exploits in the first week after its release, and the number of explosions continues to grow.
The interest of hackers was probably stung by the base of 500 million users of file compression software and by the fact that the flaw (CVE-2018-20250) was present in all its versions published in during the last 19 years. In addition, the reward would be total control over the victim's system.
McAfee researcher Craig Schmugar reported Thursday in a recent attack that hackers had seduced victims with a pirated copy of Ariana Grande's album "Thank U, Next".
The music files would be delivered in an archive file named "Ariana_Grande-thank_u, _next (2019) _[320].rar. "Using a vulnerable version of WinRAR to extract the files, a malicious payload is added to the Windows startup folder.
The researcher indicates that most of the targets initially observed were residents of the United States. The company has identified more than 100 exploits in the week following the release of the vulnerability, which is on the rise.
"User Access Control (UAC) is ignored. No alert is displayed for the user. At the next restart of the system, the malicious program will be executed, "explains Schmugar.
The exploits appear two days after the disclosure of the bug
Security researchers at 360 Threat Intelligence Center discovered exploits for WinRAR used in the wild on February 20, two days after its public disclosure. They were used in phishing attacks that attracted with images or archived documents.
More recently, Chinese researchers have noticed a campaign using human rights documents from the United Nations to attract victims in the Middle East. The payload was a remote access tool (RAT) currently detected by at least 28 antivirus engines.
WinRAR exploit (#CVE-2018-20250) sample (United nations .rar) seems to target the Middle East. Documents containing United Nations human rights baits and #UN in Arabic, he finally downloads and executes #Revenge RAT.https: //t.co/WJ4oJ1UxAz pic.twitter.com/fgHYSD4Mk5
– 360 Threat Intelligence Center (@ 360TIC) March 12, 2019
CVE-2018-20250 was discovered by Check Point's Nadav Grossman using the WinAFL fuzzer. This is a logical bug traversing the ACE path in the library 'unacev2.dll & # 39; added to WinRAR to extract the old ACE archive format, rarely used now.
The code of the library has remained unchanged since 2005. Since its source code was lost in the meantime, WinRAR managers could no longer repair the vulnerable part. For this reason, the solution was to remove support for ACE archives in the first beta version of WinRAR 5.70.
However, users can still benefit from ACE support in WinRAR by applying a specially created micropatch to solve this problem. The solution is available through the 0Patch platform of ACROS Security.
WinRAR users are welcome to use one or the other solution to immunize the program against current operating methods.
[ad_2]
Source link