Using WinRAR? Install this update right away

March 28, 2019

Everybody knows that clicking on EXE files can be dangerous. Some people are even aware of the potential risks of opening MS Office files, which can also contain malware. But what can go wrong if you simply unpack a WinRAR archive? Actually, quite a lot.

If you are one of the 500 million people worldwide using WinRAR, you are a perfect target for hijackers. It was recently discovered that every version of WinRAR released in the last 19 years has a critical bug that allows cybercriminals into your computer. Now more than 100 ways to exploit it have been identified — and that number keeps going up.

How the 19-year-old WinRAR bug works

The security flaw enables hijackers to create malicious RAR archives. As soon as this archive is unpacked, a malicious executable file is silently extracted into the Startup folder. On the next reboot this file will be automatically launched, thus infecting your computer with whatever payload the file contains.

To pass undetected even by the most cautious of us, the malefactors usually give this EXE file very innocent-looking names, such as GoogleUpdate.exe.

It should go without saying that malicious archives and the e-mails that contain them are designed to make the victim push the extract button. The lures vary greatly. Sometimes hackers opt for bait labeled as adult images, sometimes they compose an extremely attractive job offer, sometimes they alert you of a terrorist attack risk. In some cases, malefactors pretend to send some technical documents, or inform you about recent changes to local legislation. Some even invite you to download a pirated copy of a hit album, for example, by Ariana Grande.

One way or another, the core idea is that nobody sees much harm in unpacking the archive, so many people click without giving it a second thought.

What happens when the bug is exploited

The malware payloads can be anything: remote access tools of different kinds, enabling hijackers to capture your screen and upload or download files to or from your device, or a banking Trojan, or ransomware, or any other of the innumerable malware species out there.

The most recent example of malware spreading using the WinRAR vulnerability is JNEC.a, new ransomware that locks all of the files on an infected device. At the moment, the cybercriminals are asking for a relatively modest ransom to decrypt your data: 0.05 bitcoins (about $200).

How to protect yourself against malware spreading through WinRAR bug

  • Update your WinRAR right away. Unfortunately, there’s no automatic update, so you have to do it manually. Go to the official WinRAR website, download version 5.70 or a more recent one, and install it.
  • To stay on the safe side, do not open any archives you receive from unknown senders.
  • Use a reliable security solution such as Kaspersky Internet Security to immunize your system against potential attack.