WinRAR is a free download that's extremely popular around the world for compressing and decompressing files on PCs. But a researcher has found a security flaw that could let hackers compromise machines running the program, allowing for control of the victim's computer, surveillance of the computer and data theft.
Attackers can insert malware into compressed archives that the victim opens with WinRAR. Because all that's required to execute the attack is the victim opening the file, this vulnerability is considered critical.
Cyberattackers would likely use phishing campaigns to spread the malware to WinRAR users. The Iranian security researcher who discovered the flaw, Mohammad Reza Esppargham, released the following video to demonstrate how the attack works.
WinRAR hasn't released a patch for the vulnerability, but did offer some good advice that applies across the board when it comes to your cybersecurity. "We can only remind users once again to run .exe files ... only if they are received from a trustworthy source." Don't open attachments or files that you didn't specifically solicit, and you'll be that much more secure from malicious software. For more information on your personal cybersecurity, visit our Komando.com Security Center.