Several cybercriminal groups, as well as individual hackers, are still exploiting the recently patched critical code-execution vulnerability in WinRAR, a popular Windows file-compression application with 500 million users worldwide. Because WinRAR has no auto-update feature, millions of users remain exposed to attack. The vulnerability, CVE-2018-20250, was patched in late February 2019 when the WinRAR team released version 5.70 beta; it affects all previous versions of WinRAR released over the past 19 years.
For those unfamiliar with the vulnerability: it is an “absolute path traversal” bug in UNACEV2.DLL, an old third-party library bundled with WinRAR. It lets an attacker craft an ACE archive so that a compressed executable is extracted to one of the Windows start-up folders, where the malicious file runs automatically on the next reboot. To exploit the flaw and take full control of a target computer, an attacker therefore only needs to convince the user to open a maliciously crafted archive with WinRAR.
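The bug class described above is the generic one: an archive entry name is used as a destination path without checking that it stays inside the extraction directory. The following Python is an added illustration (not WinRAR's or UNACEV2.DLL's code) of the sanitisation an extractor should apply before writing any entry to disk. It evaluates entry names with Windows path semantics via `ntpath` so it runs on any host; the entry names and the extraction root are constructed examples, and the function and variable names are this example's own.

```python
import ntpath


def is_safe_entry_name(entry_name: str) -> bool:
    """Return True only if an archive entry name is relative and cannot
    escape the extraction directory (Windows path semantics via ntpath)."""
    # Treat forward and back slashes alike, as Windows does.
    name = entry_name.replace("/", "\\")
    # Control characters (including NUL) have no place in a file name.
    if any(ord(c) < 32 for c in name):
        return False
    # Absolute paths, drive-qualified paths (C:..., C:\...) and UNC paths
    # (\\server\share\...) are exactly what an absolute-path-traversal
    # payload relies on; an archive entry must never carry them.
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return False
    # Collapse "a\..\..\b" to "..\b" before looking for ".." components,
    # so traversal hidden behind a harmless prefix is still caught.
    parts = [p for p in ntpath.normpath(name).split("\\") if p not in ("", ".")]
    if not parts or ".." in parts:
        return False
    return True


def safe_destination(extract_root: str, entry_name: str) -> str:
    """Resolve entry_name under extract_root, raising ValueError if the
    entry fails sanitisation or the resolved path leaves extract_root."""
    if not is_safe_entry_name(entry_name):
        raise ValueError(f"rejected archive entry name: {entry_name!r}")
    root = ntpath.normpath(extract_root)
    target = ntpath.normpath(ntpath.join(root, entry_name.replace("/", "\\")))
    # Belt-and-braces containment check on the final resolved path.
    if ntpath.commonpath([root, target]) != root:
        raise ValueError(f"entry escapes extraction root: {entry_name!r}")
    return target


def classify_entries(extract_root: str, entry_names):
    """Return (entry_name, destination_or_None) for each entry; None marks
    an entry that a hardened extractor would refuse to write."""
    results = []
    for name in entry_names:
        try:
            results.append((name, safe_destination(extract_root, name)))
        except ValueError:
            results.append((name, None))
    return results


# Constructed sample: one benign entry and several shapes of path-traversal
# entry names (relative "..", absolute, drive-qualified, UNC, hidden "..").
SAMPLE_ROOT = "C:\\extract"
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "..\\..\\payload.exe",
    "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\payload.exe",
    "\\Windows\\payload.exe",
    "\\\\server\\share\\payload.exe",
    "images\\..\\..\\payload.exe",
]

if __name__ == "__main__":
    for name, dest in classify_entries(SAMPLE_ROOT, SAMPLE_ENTRIES):
        print(f"{'OK    ' if dest else 'REJECT'} {name!r} -> {dest}")
```

The check is deliberately two-layered: the name-level filter rejects every form an absolute-path entry can take, and the containment check on the resolved path guards against anything the filter missed. An extractor that only normalises the path, or only strips a leading backslash, still falls to drive-qualified and UNC forms. WinRAR's own fix in 5.70 was to drop ACE support altogether rather than to patch the library, which is the right call when a third-party parser can no longer be maintained.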
Soon after the details and proof-of-concept (PoC) exploit code were made public, attackers began exploiting the vulnerability in a malspam email campaign to install malware on computers running vulnerable versions of the software. Security researchers from McAfee recently reported that they had identified over 100 unique exploits, and counting, in the first week after the vulnerability was publicly disclosed, with most of the initial targets located in the U.S. One recent campaign identified by the researchers piggybacks on a bootlegged copy of a hit Ariana Grande album; at the time of writing it is detected as malware by only 11 security products, while 53 antivirus products fail to alert their users.