Last month, a 19-year-old bug was discovered in WinRAR, a software used to extract .zip and other file archives on your Windows PC. The company was quick to patch the bug, but users who haven't updated to version 5.70 are still vulnerable. Now, opportunistic hackers are taking advantage of that. McAfee, a global software security company, revealed in a blog post that it has identified more than 100 unique exploits, with most of the targets in the US.
By renaming an ACE file with a RAR extension, hackers can manipulate WinRAR and extract a malicious program to a computer's startup folder, explained Check Point, the company that discovered the bug. Without the user knowing, the program then runs automatically when the computer is restarted. According to McAfee, one exploit uses a bootleg copy of Ariana Grande's latest album Thank U, Next, with a RAR extension.
We don't know how many people have been impacted by the bug. Fortunately, the days of WinRAR being essential software have passed, but since 2002, it has had more than 500 million users, so this attack could still gain some traction.