Latest in Gear

Image credit:

A 19-year-old WinRAR bug is being used to install malware

Another reason to pause before you illegally download Ariana Grande’s new album.
Share
Tweet
Share

Sponsored Links

Caiaimage/Rafal Rodzoch via Getty Images

Last month, a 19-year-old bug was discovered in WinRAR, a software used to extract .zip and other file archives on your Windows PC. The company was quick to patch the bug, but users who haven't updated to version 5.70 are still vulnerable. Now, opportunistic hackers are taking advantage of that. McAfee, a global software security company, revealed in a blog post that it has identified more than 100 unique exploits, with most of the targets in the US.

By renaming an ACE file with a RAR extension, hackers can manipulate WinRAR and extract a malicious program to a computer's startup folder, explained Check Point, the company that discovered the bug. Without the user knowing, the program then runs automatically when the computer is restarted. According to McAfee, one exploit uses a bootleg copy of Ariana Grande's latest album Thank U, Next, with a RAR extension.

We don't know how many people have been impacted by the bug. Fortunately, the days of WinRAR being essential software have passed, but since 2002, it has had more than 500 million users, so this attack could still gain some traction.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

iPhone 12 teardown reveals how 5G has changed things

iPhone 12 teardown reveals how 5G has changed things

View
What we bought: Our favorite USB-C chargers

What we bought: Our favorite USB-C chargers

View
A massive spam attack is ruining public 'Among Us' games

A massive spam attack is ruining public 'Among Us' games

View
Custom PS5 covers are already a thing

Custom PS5 covers are already a thing

View
Amazon Echo Dot (2020) review: Well-rounded in every sense

Amazon Echo Dot (2020) review: Well-rounded in every sense

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr