Attackers are continuing to exploit WinRAR vulnerability to launch attacks

Recently, a component library attached to the world-renowned compression manager WinRAR exists a vulnerability. This component library has not been updated for many years. Later, several compression managers such as WinRAR chose to delete this component library directly, but many users still use the old version that was affected by this vulnerability. Running the old version means that it is affected by the vulnerability and also gives the attacker a chance. More and more attackers have begun to exploit this vulnerability to launch the attack.

Image: McAfee

According to the latest security report released by McAfee, hundreds of different attack samples and various fancy exploit cases have been detected. For example, a very popular malware exploits this vulnerability to automatically spread the virus, and then put the virus in the system startup directory to wait for the next reboot of the system. In this way, the virus does not trigger the UAC account control option at all, so even if the user encounters such an attack, no abnormal situation will be found. And such attacks are currently gaining popularity around the world. WinRAR has more than 500 million users worldwide, it is also a good target for hackers.

According to McAfee, the current attack path is also a challenge for anti-virus software, because most anti-virus software cannot detect this attack completely. McAfee claims that the best solution is to upgrade your WinRAR to the latest version or choose to directly remove the UNACEV2.DLL library with a security flaw. In addition, the old open source free compression manager 7Zip has deleted this component library many years ago, so users can also choose to use 7z to extract files directly.