Exploit detected that uses a WinRAR flaw to install a backdoor
Researchers from Check Point have discovered a bug in WinRAR, a flaw that has been present for almost two decades. It originates from an old DLL from 2006 that did not have the necessary protection mechanisms. Because of this flaw, some 500 million users could be at risk. This week the first exploit was detected; it was sent through an email that included a RAR file as an attachment.
Exploit detected that abuses a WinRAR flaw to install a backdoor
The specific flaw lies in a third-party library called UNACEV2.DLL. As a mitigation, a beta version has been released in which the library is removed, which means ACE files are no longer supported.
Possibly the first malware delivered through mail to exploit WinRAR vulnerability. The backdoor is generated by MSF and written to the global startup folder by WinRAR if UAC is turned off. https://t.co/bK0ngP2nIy
IOC:
hxxp://138.204.171.108/BxjL5iKld8.zip
138.204.171.108:443 pic.twitter.com/WpJVDaGq3D
- RedDrip Team (@RedDrip7) February 25, 2019
WinRAR flaw
Yesterday the first exploit that tries to implant a backdoor on an infected computer was detected. It appears to be the first attempt to take advantage of this bug in WinRAR, although that does not mean there are no others that have not yet been discovered. When the attached RAR file mentioned above was examined, it was found to attempt to extract a file into the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ folder.
When this happens, the file is copied to %Temp%\ and then the wbssrv.exe file is run, according to the researchers. Once the malicious code is run, the Cobalt Strike Beacon DLL, which is used by cybercriminals to remotely access computers, is downloaded.
Users are advised to update to the latest version of WinRAR, which the company has already made available on the web. It can be downloaded from this link.
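The behaviour described above, an archiver writing a file into a Startup folder, lends itself to a simple detection rule over file-creation telemetry. The Python below is an added example, not code from the researchers or the original article; the event field names, the archiver process list and the per-user Startup path are assumptions, and the sample events are constructed.

```python
import ntpath

# Startup locations: the all-users folder named in the article, plus the
# per-user equivalent (the latter is an assumption about what to monitor).
STARTUP_SUFFIXES = (
    r"\programdata\microsoft\windows\start menu\programs\startup",
    r"\appdata\roaming\microsoft\windows\start menu\programs\startup",
)
# Process names treated as archivers; extend for your environment (assumption).
ARCHIVERS = {"winrar.exe", "unrar.exe", "rar.exe"}


def normalize(path):
    """Lower-case, unify separators and collapse '..' so comparisons are stable."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def in_startup(path):
    """True if the file sits in, or below, one of the Startup folders."""
    _, tail = ntpath.splitdrive(ntpath.dirname(normalize(path)))
    return any((s + "\\") in (tail + "\\") for s in STARTUP_SUFFIXES)


def suspicious_events(events):
    """Return file-creation events where an archiver wrote into a Startup folder."""
    hits = []
    for ev in events:
        image = ntpath.basename(normalize(ev["image"]))
        if image in ARCHIVERS and in_startup(ev["target"]):
            hits.append(ev)
    return hits


# Constructed sample events (not real telemetry); field names are hypothetical.
WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"
STARTUP = r"Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    {"image": WINRAR, "target": "C:\\ProgramData\\" + STARTUP + "\\sample.exe"},
    {"image": WINRAR, "target": "C:\\Users\\alice\\Downloads\\out\\..\\..\\"
                                "AppData\\Roaming\\" + STARTUP + "\\sample.exe"},
    {"image": WINRAR, "target": r"C:\Users\alice\Documents\report\notes.txt"},
    {"image": r"C:\Windows\explorer.exe",
     "target": "C:\\ProgramData\\" + STARTUP + "\\shortcut.lnk"},
]

if __name__ == "__main__":
    for ev in suspicious_events(SAMPLE_EVENTS):
        print("ALERT:", ev["image"], "->", normalize(ev["target"]))
```

Only the first two sample events are flagged: the second reaches the per-user Startup folder through `..` segments, which is why the target path is normalized before matching.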
Source: The Hacker News