WinRAR from RARLabs, the ubiquitous compression utility, has finally gained notice in the black-hat hacker community thanks to an exploit that threatens to make it the next major vector of malware infection. Fortunately, RARLabs patched the problem immediately by releasing a new version of the software for users to download.
Therein lies the current problem. Not everyone is on board with updating their current version, so there are still plenty of opportunities for malicious actors to take advantage of WinRAR’s vulnerability.
There are over 500 million users of WinRAR worldwide. The program’s popularity stems from its being free and fully functional, handling most compressed file types. The only problem with the free version is the constant nag screens asking users to buy the paid version. Some people do, and that is what keeps RARLabs in business.
We do not know how many people pay to keep this useful program alive, but their number may not be enough for the developers to add an auto-update feature, which is now common for apps.
Except for those who got wind of the news that WinRAR is now in hackers’ crosshairs, most users do not bother updating unless they feel like doing so, because the software functions without a hitch. The nag screens don’t tell users much other than the fact that they need to pay up.
The very small screen and short message make it an easily dismissed nuisance. What a larger screen should be saying is that paying users will enjoy other features and automatic updates that keep their system secure in case hackers decide to take advantage of any vulnerabilities.
The vulnerability in question is what’s known as an “Absolute Path Traversal” bug. It lets an attacker craft an ACE-format archive whose contents WinRAR extracts outside the folder the user chose, for example into the Windows Startup folder, where a planted executable runs at the next login. WinRAR archives are commonly used to send files such as DOCX, XLSX and EXE by email, where those files would otherwise be scanned by anti-malware programs.
When such an archive arrives by email, users tend to assume the file is safe regardless of what it contains, because what they see is the WinRAR icon. Apart from email, another common delivery channel for WinRAR files is torrents, for example songs or albums by Ariana Grande (Ariana_Grande-thank_u,_next(2019)_.rar). After the files are extracted, a malicious payload is also extracted to the Windows Startup folder.
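The defence against this class of bug is the check a safe extractor performs before writing any entry: resolve where the entry name would land and refuse anything that is rooted (drive letter or leading backslash), climbs with `..`, or otherwise ends up outside the chosen destination. The Python below is an added illustration of that check, not code from WinRAR or RARLabs; the archive listing, the destination folder and the function names (`classify_entry`, `audit_archive`, `targets_startup`) are constructed for the example, and it uses `ntpath` so the Windows path rules apply on any host.

```python
import ntpath
from typing import Dict, List

# Constructed sample archive listing (not from the page): entry names as a
# Windows extractor might receive them. The last two would escape the
# destination folder; the last one points straight at the Startup folder.
SAMPLE_ENTRIES = [
    "album\\01-track.mp3",
    "album/cover.jpg",
    "..\\..\\dropper.exe",
    "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows"
    "\\Start Menu\\Programs\\Startup\\dropper.exe",
]

# Case-insensitive marker for the Windows Startup folder path.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def resolve_target(name: str, dest_dir: str) -> str:
    """Path an extractor that trusts the entry name verbatim would write to."""
    normalized = ntpath.normpath(name.replace("/", "\\"))
    drive, _ = ntpath.splitdrive(normalized)
    if drive or normalized.startswith("\\"):
        # Rooted path (drive letter, UNC, or leading backslash): written as-is.
        return normalized
    return ntpath.normpath(ntpath.join(dest_dir, normalized))


def classify_entry(name: str, dest_dir: str) -> str:
    """Return 'ok' if the entry stays inside dest_dir, otherwise a reason."""
    normalized = ntpath.normpath(name.replace("/", "\\"))
    drive, _ = ntpath.splitdrive(normalized)
    if drive or normalized.startswith("\\"):
        return "absolute-path"
    if ".." in normalized.split("\\"):
        return "parent-traversal"
    dest = ntpath.normpath(dest_dir).lower()
    target = resolve_target(name, dest_dir).lower()
    if target != dest and not target.startswith(dest + "\\"):
        return "escapes-destination"
    return "ok"


def targets_startup(name: str, dest_dir: str) -> bool:
    """True if the resolved write location lies in a Windows Startup folder."""
    return STARTUP_MARKER in resolve_target(name, dest_dir).lower()


def audit_archive(entries: List[str], dest_dir: str) -> Dict[str, str]:
    """Map each entry that must not be extracted to the reason it was rejected."""
    findings: Dict[str, str] = {}
    for entry in entries:
        verdict = classify_entry(entry, dest_dir)
        if verdict != "ok":
            findings[entry] = verdict
        elif targets_startup(entry, dest_dir):
            findings[entry] = "startup-folder"
    return findings


if __name__ == "__main__":
    dest = "C:\\Users\\victim\\Downloads\\new"
    for entry, reason in audit_archive(SAMPLE_ENTRIES, dest).items():
        print(f"REJECT {reason:18} {entry}")
```

The containment test compares the normalized, lower-cased target against the destination prefix rather than just looking for `..` in the raw name, because the raw name can also be rooted or use forward slashes; the separate Startup-folder marker is a defence-in-depth flag for the one location this article singles out, and would only fire on an entry that is otherwise inside the destination.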
WinRAR needs to get a message out there, not just “pay up,” but “be careful and stay updated.”