19-Year-Old WinRAR Vulnerability Leads To Over 100 Malware Exploits

“Last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that’s easily exploited by hackers and malware distributors,” writes SlashGear. Slashdot reader Iwastheone quotes their report: Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC’s startup folder, allowing them to start running anytime the computer is turned on, all without the user’s knowledge.

Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the U.S.


WinRar 5.70, released in late January, patches the behavior, but “it must be manually downloaded and installed from the website, leaving most users unaware of the critical update,” the article warns.

It also estimates that during the last 19 years WinRar has been downloaded over 500 million times.