Security researchers at Cyber Intelligence Company  “IntelCrawler” have discovered a high risk vulnerability in Zipped files that allows hacker to hide a trojan inside which is not visible from outside.

WinRAR Spoofing Vulnerability used by Hackers to Hide Malware in Compressed files.
(Image Credits: Securityaffairs)

As you can see from the image above, that, what seems to look like a simple text or image file in a zipped format from outside can actually be a malicious Trojan.  When the victim unzips the file, the same can  infect the users computer.

InterCrawler says that as of  now this vulnerability is being widely used by cyber criminals to target Government agencies, international organisations, aerospace corporations, military subcontractors, and Fortune Global 500 companies.  It is also used in Social media spam campaigns.

The vulnerability works on all WinRar versions including v.5.1. Using this method the bad actors bypass some specific security measures including e-mail server’s antivirus systems. Example: “FAX.ZIP”.

The cyber criminals use a wide range of campaign to spread their malicious payload and malwares including through compromised websites and Social media networks.  InterCrawler cites an example where one of the exploiters sent a malware using the above method through a a email which pretended to be originating from European Council Legal Affairs. 


Any permanent fix to the vulnerability is yet to be released as of now.  The best way to be secure is to keep your Antivirus program updated and not to click any  kind of similar sounding files from any untrusted source.

LEAVE A REPLY

Please enter your comment!
Please enter your name here