Forum | 2018-04-21T01:13:09-05:00

Hackers Start Exploiting Serious WinRAR Flaw to Spread Malware  

(@ajamu)
BlackJestic Afrikan Registered
Abibitumi Member
Abibisika (BlackGold Points):208

https://www.pcmag.com/news/366852/hackers-start-exploiting-serious-winrar-flaw-to-spread-malwa?utm_source=email&utm_campaign=whatsnewnow&utm_medium=image

Hackers Start Exploiting Serious WinRAR Flaw to Spread Malware

If you're running an old version of WinRAR, it's a good time to patch. Hackers appear to be exploiting a serious bug in the file utility software by spreading secretly rigged file archives that install malware on people's PCs.
[Image: WinRAR Vulnerability]

WinRAR users need to watch out. Hackers are starting to exploit a newly disclosed bug in the file-archiving tool to secretly install malware on Windows PCs.

Chinese security firm Qihoo 360 has uncovered several file archive samples that exploit the WinRAR vulnerability to deliver malware to a victim's computer. One of the attacks was sent over email.


The first sample was detected only two days after the WinRAR bug was publicly disclosed by a separate security firm, Check Point. The bug is particularly problematic because WinRAR claims to have over 500 million users. A hacker can exploit the vulnerability to craft seemingly benign RAR archive files that are actually malicious.

According to Qihoo 360's research division, one of the samples it uncovered is a file archive containing pictures of attractive women. "In order to trigger the vulnerability, attackers put inside lots of image files and lure the victim to decompress the archive," the researchers said in their report.


[Image: WinRAR Vulnerability 2]

However, the archive itself has secretly been rigged to exploit the WinRAR bug, which unpacks a file archive to a new destination. In this case, when the archive is decompressed, it'll covertly deliver a malware executable to the PC's Startup Folder. The next time the victim restarts their PC, the malware will run on startup and create a hidden backdoor that can let the hacker take over their computer and install other forms of malware, the researchers warned.

360 Threat Intelligence Center@360TIC

Possibly the first malware delivered through mail to exploit WinRAR vulnerability. The backdoor is generated by MSF and written to the global startup folder by WinRAR if UAC is turned off. https://www.virustotal.com/#/file/7871204f2832681c8ead96c9d509cd5874ed38bcfc6629cbc45472b9f388e09c/detection

IOC:
hxxp://138.204.171.108/BxjL5iKld8.zip
138.204.171.108:443


Qihoo 360 also uncovered another sample that appears to target users based in the Middle East. The sample is a file archive that contains a PDF about a job opportunity in Saudi Arabia. Decompressing the file, however, will deliver a PowerShell-based backdoor to the PC's Startup Folder.

The developers of WinRAR patched the vulnerability starting with a beta release last month. However, it'll be up to users to actually download and install it. The latest WinRAR release, 5.70, rolled out yesterday and can be found here.

If your PC does accidentally decompress a rigged archive file, antivirus software might be able to detect it. Qihoo 360 uploaded one of the uncovered samples to VirusTotal, which shows that 24 out of 56 antivirus engines, including Microsoft's, detected the file as malicious.

UPDATE 2/28/19: Qihoo 360, Check Point and other security researchers have found more rigged archive files designed to exploit the vulnerability. The new sample found by Qihoo 360 appears to be targeting Ukrainian users.

Posted : 02/28/2019 11:52 am
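The mechanism the article describes is an archive that, when unpacked, drops a file somewhere other than the folder the user chose (here, a Startup folder, so the payload runs at the next logon). As an added defender-side illustration, not code from the article, the researchers or WinRAR, the Python below shows the check an extraction tool or mail gateway can apply to archive member names before writing anything: every name is normalised with both `/` and `\` treated as separators, and absolute paths, drive letters and `..` components that climb out of the destination are rejected. The member names in `SAMPLE_MEMBERS` are constructed for the example; real names would come from whatever archive library is in use (for RAR, a library such as `rarfile` is assumed, but the check itself only needs the list of strings).

```python
import posixpath
import re

# Windows drive-letter prefix such as "C:" at the start of a member name.
_DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


def is_safe_member_name(name: str) -> bool:
    """Return True if extracting this member stays inside the chosen directory.

    Archives created on Windows usually carry '\\' separators, so both
    separators are unified before normalisation.
    """
    unified = name.replace("\\", "/")
    # Absolute paths and drive-letter paths ignore the extraction directory.
    if unified.startswith("/") or _DRIVE_PREFIX.match(unified):
        return False
    normalized = posixpath.normpath(unified)
    # After normalisation any remaining leading '..' climbs out of the target.
    if normalized == ".." or normalized.startswith("../"):
        return False
    return True


def triage_archive_members(names):
    """Map each unsafe member name to a short reason; safe names are omitted.

    A path that escapes the extraction directory is already a reject; pointing
    at a Startup folder is called out separately because that is the
    persistence trick the article describes.
    """
    findings = {}
    for name in names:
        if is_safe_member_name(name):
            continue
        reason = "escapes the extraction directory"
        if "startup" in name.replace("\\", "/").lower():
            reason += "; target is a Startup folder (runs at next logon)"
        findings[name] = reason
    return findings


# Constructed sample: benign-looking images and a PDF lure alongside two entries
# that would be written outside the extraction directory. The Startup path is
# the all-users Startup folder on Windows; the file names are made up.
SAMPLE_MEMBERS = [
    "photos/img001.jpg",
    "photos/img002.jpg",
    "docs/job_offer.pdf",
    "..\\..\\..\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.exe",
    "C:\\Users\\Public\\note.txt",
    "photos/../photos/img003.jpg",  # odd but stays inside the target
]


if __name__ == "__main__":
    for member, why in triage_archive_members(SAMPLE_MEMBERS).items():
        print(f"REJECT {member!r}: {why}")
```

Running the block rejects the Startup-folder entry and the drive-letter entry and accepts the rest, including the `photos/../photos/...` name, which normalises to a location inside the target. A tool that extracts only names passing `is_safe_member_name` cannot be made to write into a Startup folder regardless of how the archive was crafted; the UAC condition mentioned in the tweet only affects whether the write to the global folder succeeds, not whether the name should have been accepted.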
(@obadelekambon)
Most BlackNificent Afrikan! Admin
Abibifahodie Wura!
Abibisika (BlackGold Points):9518

@ajamu, nice heads up

Ma ku Mbôngi, ka matômbulawanga za ko. "The community's political institution does not borrow foreign dialects to discuss its political matters or to educate its members" – Kikôngo proverb “The history of Africa will remain suspended in air and cannot be written correctly until African historians connect it with the history of Egypt [...] The African historian who evades the problem of Egypt is neither modest or objective, nor unruffled, he is ignorant, cowardly, and neurotic.” – Cheikh Anta Diop, The African Origin of Civilization: Myth or Reality "African champions must break the chain that links African ideas to European ones and listen to the voice of the ancestors without European interpreters." – Jacob Carruthers, Mdw Ntr
Ọbádélé Kambon, PhD Email: [email protected] Skype: obadele.kambon Paypal: www.paypal.me/akali Abibifahodie Family of Websites:
www.obadelekambon.com | www.abibitumikasa.com | www.abibifahodie.com | www.abibifahodie.org www.sankofajourney.com | www.letsbuyblack.com | www.asaseheals.com www.kamaukambon.org | www.amakambon.com | www.bennucenter.com www.nubusinesssolutions.com | www.onipa.com | www.lastblackman.com

Ọbádélé Kambon's Personal app for Android
Abibitumi Kasa Social Education Network App for Android
Abibitumi Chat App for Android
Abibitumi Chat App for iOS

Posted : 10/04/2019 6:15 pm
