Skip to content

Security Alert: WinRAR Security Vulnerability Demands Immediate Action

WinRAR Security Alert

In a recent revelation, WinRAR, the widely-used compression tool boasting over 500 million users, has been found vulnerable to exploitation by state-backed hackers in Russia and China. This alarming security breach has prompted Google’s Threat Analysis Group (TAG) to issue an urgent warning for all users to update their WinRAR software immediately.

The vulnerability affects all WinRAR products prior to version 6.23, which was released in August following its discovery. Hackers have been capitalizing on this flaw to infiltrate systems, often concealing malicious scripts within files disguised as innocent formats like ‘.jpg’ or ‘.txt.’ This method has already impacted 130 devices on a finance forum, leading to unauthorized fund withdrawals from brokerage accounts.


One prominent hacking group, the Russian Armed Forces’ “Sandworm,” has been identified by Google as a key player in exploiting this vulnerability. Sandworm specifically targeted individuals with ties to the energy and defense sectors in Ukraine and Eastern Europe through phishing campaigns. Additionally, another group known as “APT 40,” linked to China’s State Department, launched a malicious campaign targeting Papua New Guinea.

WinRAR’s version 6.23 marks the first update addressing this critical issue. RARLAB, the developer behind the software, thanks Group-IB and the Zero Day Initiative for bringing this vulnerability to their attention. They emphasize the utmost importance of promptly installing the latest version to ensure security.

However, it’s not uncommon for users to neglect software updates, especially those who aren’t entirely at ease with computers. Despite the gravity of this situation, WinRAR lacks an auto-update feature, meaning users must manually download and install the patch.

More About the WinRAR Security Vulnerability

This security vulnerability allows attackers to execute arbitrary code when a Windows user opens files like PNG within a ZIP archive. TAG describes it as a “logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives.” This, combined with a quirk in Windows’ ShellExecute, creates a window of opportunity for exploitation.

Regrettably, this isn’t the first time WinRAR has fallen prey to such vulnerabilities. In 2019, a 19-year-old code execution exploit was discovered, potentially granting attackers full control over a victim’s computer.

Windows 11

What Should You Do Now

To safeguard your system, download the latest update immediately. Alternatively, for Windows 11 users, the latest OS update conveniently incorporates native support for RAR and 7-zip files. Remember, in the digital realm, swift action can make all the difference. Don’t leave your system exposed – update WinRAR now!

News Source(s): Gizmodo, The Verge