Do you have WinRAR installed on your PC with Windows? Then you are probably vulnerable to attack. RARLab patched a dangerous security bug at the end of February 2019, but WinRAR does not update automatically. Most WinRAR installations remain vulnerable.
What is the danger of WinRAR on the computer?
WinRAR contains a defect that allows a .RAR file to be downloaded to automatically extract an .exe file to its Startup folder. That file.exe will start automatically the next time you log in to your PC, and could infect your PC with malware.
Specifically, this failure is the result of compatibility with WinRAR ACE files. An attacker simply needs to create a specially designed ACE file and give it the file.RAR extension. When extracting the file with a vulnerable version of WinRAR, it can automatically place the malware in its home folder without any additional user action.
This serious defect was found by the researchers at Check Point Software Technologies. WinRAR contained an old DLL of 2006 to allow support for ACE files, and that file has now been removed from the latest versions of WinRAR, which no longer support ACE files. Do not worry, the ACE files are very rare.
However, unless you have already heard of this "crossing the road" defect, you may be at risk. WinRAR is not updated automatically. We are also very disappointed that the WinRAR website does not highlight information about this security flaw and instead bury it in the WinRAR release notes.
WinRAR has 500 million users worldwide, and we are sure that most of those users have not yet heard of this error and have updated WinRAR.
Although an update was published in February, this story continues to gain strength. McAfee security researchers had identified more than 100 unique online exploits in mid-March, and most of the users attacked were in the United States.
For example, a pirated copy of Ariana Grande's album «Thank U, Next» with the file name «Ariana_Grande-thank_u,next (2019)(320) .rar »available online is being used to install malware through vulnerable versions of WinRAR.
How to check if you have WinRAR installed
If you are not sure if you have WinRAR installed, perform a search in the Start menu of «WinRAR». Now, if you see a WinRAR shortcut, it is installed. If you do not see a WinRAR shortcut, it is not.
What versions of WinRAR are vulnerable?
If you see WinRAR installed, you should check if you are running a vulnerable version. To do this, run WinRAR and click Help> About WinRAR.
WinRAR versions 5.70 and later are secure. If you have an older version of WinRAR, it is vulnerable. This security flaw has existed in all versions of WinRAR released in the last 19 years.
If you have version 5.70 beta 1 installed, it is also safe, but we recommend that you install the latest stable version.
How to protect your computer from malicious RARs
If you want to continue using WinRAR, visit the RARLab website, download the latest version of WinRAR and install it on your computer.
WinRAR is not automatically updated, so the WinRAR software on your computer will remain vulnerable until it does.
You can also uninstall WinRAR from the Control Panel. We are not big fans of WinRAR, which is a test software that requires you to pay or to endure the annoying screens.
Instead, we recommend that you install the free and open source 7-Zip software, which is our favorite unarchived software. 7-Zip can open RAR files as well as other file formats such as ZIP and 7z.
If you do not like the obsolete icons of the program, you can get more attractive icons for 7-Zip.
Whichever software you use, we recommend that you install and activate a robust antivirus. Antivirus software can often detect malware like this and prevent it from being installed even if you are using vulnerable software. Although the security software is not perfect and you can not count on it to catch every piece of malware online. That is why it is important to have a multi-level defense strategy.