Do you use WinRAR on Windows? Have you updated it to the latest version? You are advised to update WinRAR to the latest version, 5.70 beta 1, as the WinRAR development team has patched a vulnerability that is being exploited in the wild.

A critical remote code execution vulnerability recently addressed by WinRAR is being actively exploited by several threat actors.

In-the-wild exploitation of the flaw is worrying because WinRAR has no auto-update feature, which leaves millions of users at risk of cyber attack. More than 500 million users worldwide use WinRAR, and the bug, which has affected all releases over the last 19 years, potentially impacts them.

WinRAR Vulnerability Explained

The CVE-2018-20250 vulnerability, found by experts at Check Point during February, could enable an attacker to gain control of the target system.

An archive file could be used to exploit the "Absolute Path Traversal" flaw in the library and execute arbitrary code.

The vulnerability lies in a third-party library called "UNACEV2.DLL", which WinRAR uses to handle the extraction of files compressed in the ACE data format. Experts indicated that, because WinRAR identifies the file format by analyzing the content, an attacker could change the .ace extension to the .rar extension to trick people.

The researchers found that the path traversal flaw could extract compressed files into a folder of the attacker's choice instead of the folder selected by the user. If malicious code were dropped into the Windows Startup folder, it would start automatically at the next reboot.

The RAR file extracts the original MP3 files into the victim's download folder and, together with them, drops a malicious executable file into the Startup folder, which allows the targeted system to be exploited.

When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious payload is created in the Startup folder behind the scenes. User Access Control (UAC) is bypassed, so no alert is displayed to the user. The next time the system restarts, the malware is run.

WinRAR Exploit PoC

The video below shows how a victim is tricked into opening a compressed archive file with WinRAR, which gives the attacker complete control over the targeted system.

https://youtu.be/R2qcBWJzHMo

WinRAR Vulnerability Exploited in the Wild

Just days after the flaw was disclosed, researchers at the 360 Threat Intelligence Centre found a campaign using a malicious RAR archive that exploits the flaw to install malware on a computer.

Now, McAfee security experts have reported that the WinRAR bug is still being exploited by attackers and that, in the first week after the vulnerability was disclosed, they identified more than "100 unique exploits and counting."

The advisory published by McAfee reads:

"In the first week since the vulnerability was disclosed, McAfee has identified over 100 unique exploits and counting, with most of the initial targets residing in the United States at the time of writing."

In one case, an attacker tried to spread the malware through a bootlegged copy of Ariana Grande's hit album "Thank U, Next", using a file named "Ariana Grande - thank u, next(2019) .rar". The experts say the majority of initial targets were in the United States.

A limited number of antivirus solutions currently identify the file associated with the fake Ariana Grande hit album.

It is recommended to use only the latest version of WinRAR and not to open files from untrusted sources.
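
The two behaviours described above, an ACE archive renamed to .rar and an entry that extracts outside the folder the user chose, can both be checked before an archive is handed to an extractor. The following is an added example, not code from WinRAR, Check Point or McAfee; the function names are hypothetical, the sample data is constructed, and it assumes the ACE signature `**ACE**` at byte offset 7 of the file.

```python
import ntpath

ACE_MAGIC = b"**ACE**"       # assumption: ACE signature at byte offset 7 of the file
RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of the RAR 4.x and 5.x signatures


def sniff_archive_type(header: bytes) -> str:
    """Identify the archive format from its leading bytes, ignoring the file name."""
    if header[7:14] == ACE_MAGIC:
        return "ace"
    if header.startswith(RAR_MAGIC):
        return "rar"
    return "unknown"


def is_disguised_ace(filename: str, header: bytes) -> bool:
    """True when the content is ACE but the extension claims another format."""
    ext = ntpath.splitext(filename)[1].lower()
    return sniff_archive_type(header) == "ace" and ext != ".ace"


def escapes_destination(dest_dir: str, entry_name: str) -> bool:
    """True when extracting entry_name under dest_dir would land outside dest_dir."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    # ntpath.join drops dest when entry_name is absolute or names a drive,
    # which is exactly the absolute path traversal case.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, entry_name)))
    return not (target == dest or target.startswith(dest.rstrip("\\") + "\\"))


if __name__ == "__main__":
    # Constructed sample: 7 filler bytes, then the ACE signature.
    header = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 8
    dest = r"C:\Users\alice\Downloads"
    entries = [
        r"album\01 - track.mp3",
        r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
        r"\Start Menu\Programs\Startup\payload.exe",
    ]
    print("disguised ACE:", is_disguised_ace("album.rar", header))
    for name in entries:
        verdict = "OUTSIDE destination" if escapes_destination(dest, name) else "ok"
        print(f"{verdict}: {name}")
```

The path check uses `ntpath` so that Windows path rules apply even when the scan runs on a Linux mail gateway or sandbox.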