WinRAR, one of the most popular compression tools on the planet, has a serious vulnerability that is being actively exploited. The app has been around for years, and while many have downloaded it, most probably don’t keep it updated to the latest version, as they only open it when compressing or uncompressing files.
If you use WinRAR, though, it’s recommended that you update to the latest available version immediately, as government-backed hackers in China and Russia have exploited a known vulnerability in outdated versions of the app. With over 500 million users, the pool of available victims for bad actors is massive.
Google’s Threat Analysis Group (TAG) revealed this week that it has observed a number of government-backed hacking campaigns exploiting the bug, dating back as far as early 2023. Organizations and users running the popular compression software should update it immediately, as the vulnerability exists in all versions of WinRAR prior to version 6.23.
“The cybercriminals are exploiting a vulnerability that allows them to spoof file extensions,” Andrey Polovinkin, a malware analyst with Group-IB, shared in a blog post back in August. “They are able to hide the launch of malicious script within an archive masquerading as a ‘.jpg’, ‘.txt’, or any other file format.”
This is a huge issue and one that users will want to rectify immediately by updating WinRAR. WinRAR also shared a note when it released the latest version, thanking Group-IB and the Zero Day Initiative for making them aware of this long-standing vulnerability so that they could patch it.
Most users don’t install updates as regularly as they are released, and this latest WinRAR exploit is a great reminder of why you should keep software updated, even software you only use on very specific occasions. We’ve seen several new ways of delivering dangerous malware pop up in recent months. As always, the best practice is to keep software and apps up to date and look out for announcements like this.