winrar malware

Are you using WinRAR? WinRAR exploited

Imagine opening a file with WinRAR and having malware installed on your system. The WinRAR application is a widely used utility for data compression and decompression. But according to the latest information from THN, a flaw allows hackers to distribute malware. A security researcher from Israel, Danor Cohen (An7i), found that a feature allows spoofing in the data that the application compresses. Let's see how.


The hacker states that by modifying a file and its extension inside a traditional archive, he can hide malicious binary code inside a file that pretends to be a .jpg, a .txt, or any other format.

Using a hex editor, he analyzed a ZIP file and noticed that the application adds some custom properties to a file, which usually has two name references in its properties. The first name is the original file name (FAX.png) and the second name is again the file name (FAX.png). The file properties are displayed in the WinRAR GUI window.

Danor renamed the file to FAX.EXE and extended the malicious FAX.EXE file to FAX.PNG. From there it was easy: he prepared a separate ZIP file that contained a malware file "FAX.exe" but displayed it as "FAX.png" to the end user.

The security firm IntelCrawler also published a report revealing that cybercriminals use this zero-day vulnerability to target aerospace companies, military subcontractors, embassies, and many other companies.

Using this technique, an attacker can install any malware, in a very convincing way, on the systems he chooses.

Danor managed to run it successfully against version 4.20 of the application, but IntelCrawler has confirmed that the vulnerability applies to all versions of the popular application, including the latest, version 5.1.
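A defensive check for the mismatch described above, as an added example that is not from the original article or from the researcher: it assumes the "two name references" are the ZIP local file header name and the central directory name, and reports entries where the two differ. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"  # signature of a ZIP local file header


def find_name_mismatches(data: bytes):
    """Return (central_name, local_name) for entries whose two names differ."""
    mismatches = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # names as stored in the central directory
            off = info.header_offset
            fixed = data[off:off + 30]
            if len(fixed) < 30 or fixed[:4] != LOCAL_SIG:
                mismatches.append((info.orig_filename, None))  # no valid local header
                continue
            # Name length is a 16-bit little-endian field at offset 26; the
            # name bytes follow the 30-byte fixed part of the local header.
            (name_len,) = struct.unpack_from("<H", fixed, 26)
            raw = data[off + 30:off + 30 + name_len]
            # Bit 11 of the general-purpose flags marks UTF-8 names.
            encoding = "utf-8" if info.flag_bits & 0x800 else "cp437"
            local_name = raw.decode(encoding, errors="replace")
            if local_name != info.orig_filename:
                mismatches.append((info.orig_filename, local_name))
    return mismatches


def build_sample_zip(name: str = "FAX.png") -> bytes:
    """Constructed sample: a clean one-entry archive with harmless content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample, not a real image")
    return buf.getvalue()


if __name__ == "__main__":
    # A clean archive stores the same name twice, so nothing is reported.
    print(find_name_mismatches(build_sample_zip()))
```

A mail gateway or download scanner can run the same comparison on incoming archives and quarantine any archive for which the returned list is not empty.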


Written by giorgos
