Latest in Gear

Image credit: Caiaimage/Rafal Rodzoch via Getty Images

A 19-year-old WinRAR bug is being used to install malware

Another reason to pause before you illegally download Ariana Grande’s new album.
2429 Shares
Share
Tweet
Share

Sponsored Links

Caiaimage/Rafal Rodzoch via Getty Images

Last month, a 19-year-old bug was discovered in WinRAR, a software used to extract .zip and other file archives on your Windows PC. The company was quick to patch the bug, but users who haven't updated to version 5.70 are still vulnerable. Now, opportunistic hackers are taking advantage of that. McAfee, a global software security company, revealed in a blog post that it has identified more than 100 unique exploits, with most of the targets in the US.

By renaming an ACE file with a RAR extension, hackers can manipulate WinRAR and extract a malicious program to a computer's startup folder, explained Check Point, the company that discovered the bug. Without the user knowing, the program then runs automatically when the computer is restarted. According to McAfee, one exploit uses a bootleg copy of Ariana Grande's latest album Thank U, Next, with a RAR extension.

We don't know how many people have been impacted by the bug. Fortunately, the days of WinRAR being essential software have passed, but since 2002, it has had more than 500 million users, so this attack could still gain some traction.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
2429 Shares
Share
Tweet
Share

Popular on Engadget

Google Duplex begins international rollout with a New Zealand pilot

Google Duplex begins international rollout with a New Zealand pilot

View
The Morning After: A final trailer for 'Star Wars: The Rise of Skywalker'

The Morning After: A final trailer for 'Star Wars: The Rise of Skywalker'

View
Todoist 'Foundations' update adds a host of organization features

Todoist 'Foundations' update adds a host of organization features

View
Microsoft's latest VR experiment is a literal walk in the park

Microsoft's latest VR experiment is a literal walk in the park

View
Lilium proves its electric air taxi can fly

Lilium proves its electric air taxi can fly

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr