Office

Exploit detected that uses a winrar failure to install backdoor

2024
Exploit detected that uses a winrar failure to install backdoor

Table of contents:

Anonim

Investigators from Check Pont have been in charge of discovering a bug in WinRAR. A ruling that has been present for almost two decades. It originates from an old DLL from 2006, which did not have the necessary protection mechanisms. Due to this failure, there could be some 500 million users at risk. This week the first exploit was detected, which was sent through an email that included an RAR file as an attachment.

Exploit detected that exploits WinRAR failure to install a backdoor

The specific failure lies in a third-party library called UNACEV2.DLL. As a measure, a beta has been launched in which it is removed. Failing to support ACE files in this way.

Possibly the first malware delivered through mail to exploit WinRAR vulnerability. The backdoor is generated by MSF and written to the global startup folder by WinRAR if UAC is turned off.https: //t.co/bK0ngP2nIy

IOC:

hxxp: //138.204.171.108/BxjL5iKld8.zip

138.204.171.108:443 pic.twitter.com/WpJVDaGq3D

- RedDrip Team (@ RedDrip7) February 25, 2019

WinRAR crash

Yesterday the first exploit that tries to implant a backdoor in an infected computer was detected. So it seems to be the first who wants to take advantage of this bug in WinRAR. Although this does not mean that there are no others, that have not yet been discovered. When they have examined the aforementioned attached RAR file, which we have talked about before, it has been seen that an attempt was made to extract a file in the C: \ ProgramData \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \ folder.

When this happens, the file is copied to% Temp% \ and then the wbssrv.exe file is run, as the researchers have said. Once the malicious code is run, the Cobalt Strike Beacon DLL, which is used by cybercriminals to remotely access computers, is downloaded.

Users are recommended to update to the latest version of WinRAR, which the company has already made available on the web. To download it you have to enter this link.

The Hacker News Font

Devil's ivy: failure detected in security cameras

Devil's ivy: failure detected in security cameras

Devil's Ivy: Bug detected in security cameras. Find out more about this vulnerability that affects security cameras.

New theft in ethereum: $ 475,000 for a puzzle failure

New theft in ethereum: $ 475,000 for a puzzle failure

New Theft on Ethereum: $ 475,000 for an Enigma glitch. Find out more about the new theft that affects the cryptocurrency.

▷ Why install winrar in windows 10

▷ Why install winrar in windows 10

Installing WinRAR on Windows 10✅ will allow you to save space and have your files stored safely. WinRAR allows you this and much more

Office

Editor's choice

Is HTC losing interest in Windows Phone?

Is HTC losing interest in Windows Phone?

2024
Samsung Ativ Q

Samsung Ativ Q

2024
Images of what could be the new Nokia Lumia EOS

Images of what could be the new Nokia Lumia EOS

2024
Build 2013 devices: waiting for manufacturers

Build 2013 devices: waiting for manufacturers

2024
Back to top button