19-year-old WinRAR flaw lets hackers infect computers with malware
Threats / 19-year-old WinRAR vulnerability lets hackers infect computers with malware
29 March 2019
Kaspersky Lab has announced that a critical security vulnerability that was present in every version of WinRAR released in the last 19 years allowed hackers to inject malware into computers by creating malicious RAR archives.
The security flaw that lasted almost two decades has been finally fixed and the only version of WinRAR that does not contain the flaw is the latest version 5.70 which users can download from the official WinRAR website.
According to Kaspersky Lab, no less than 500 million across the world who use WinRAR frequently to archive their files were rendered vulnerable to malware injection due to the critical flaw.
“The security flaw enables hijackers to create malicious RAR archives. As soon as this archive is unpacked, a malicious executable file is silently extracted into the Startup folder. On the next reboot this file will be automatically launched, thus infecting your computer with whatever payload the file contains.
“To pass undetected even by the most cautious of us, the malefactors usually give this EXE file very innocent-looking names, such as GoogleUpdate.exe,” the security firm noted.
In order to lure unsuspecting people to open malicious RAR archives, cyber criminals use various tactics and lures such as advertising job offers, offering adult images, and alerting users about impending terrorist attacks. As such, the only way to prevent hackers from injecting malware into your computer is to stop opening WinRAR archives emailed to you by unknown senders.
Considering that modern malware can execute a wide variety of malicious tasks such as data exfiltration, credential-stealing, gaining remote access, or encrypting data stored in infected systems, opening malicious WinRAR files can expose millions of users to a range of threats that could seriously impact their privacy and data security.
WinRAR removes ACE support to patch security flaw
The existence of the security vulnerability was acknowledged by WinRAR on 28th February when the company released the latest version of the widely-used software, stating that the new version did not feature ACE support due to a potential security risk arising through corrupted ACE archives.
“A recent report by Check Point Software revealed a potential security vulnerability in the UNACEV2.DLL library, which was used in former versions of WinRAR to decompress ACE archives. There haven’t been any reported attacks so far, but to provide WinRAR users with a stable and clean version, the final version of WinRAR 5.70 has been released.
“Since UNACEV2.DLL had not been updated since 2005 and access to its source code is not available, the decision was made to drop ACE archive support starting with WinRAR 5.70. Now, after the launch of the final and stable version of WinRAR 5.70, upgrading immediately to the new 5.70 version is highly recommended,” win.rar GmbH said.
“To users who are not interested in an upgrade or who don’t find a localized version of WinRAR 5.70 yet, win.rar GmbH’s advice is to delete the UNACEV2.DLL file from their current WinRAR version to be reliably protected again. All users of WinRAR 5.10 or any newer version can find the UNACEV2.DLL file in the WinRAR program folder. WinRAR users of versions older than 5.10, can find the UNACEV2.DLL file in the Formats subfolder of the WinRAR program,” it added.