WinRAR File Extension Spoofing vulnerability allows Hackers to Hide Malware
Imagine you open a WinRAR archive of MP3 files, and playing any one of them installs malware on your system.
WinRAR, a widely used file archiver and data compression utility, can be abused by hackers to distribute malicious code. Israeli security researcher Danor Cohen (An7i) discovered the WinRAR file extension spoofing vulnerability.
The WinRAR file extension spoofing vulnerability allows hackers to modify the filename and extension inside a traditional file archive, which helps them hide malicious binary code inside an archive that presents itself as ‘.jpg’, ‘.txt’ or any other format.
Using a hex editor, he analysed a ZIP file and noticed that WinRAR also adds some custom properties to an archive, including two names: the first is the original filename (FAX.png) and the second is the filename (FAX.png) that appears in the WinRAR GUI window.
Danor manipulated the second filename and extension to prepare a special ZIP archive that actually includes a malware file, “FAX.exe”, but displays it as “FAX.png” to the user.
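
A defender-side check for the name mismatch described above, added here as an example (not code from the researcher or from WinRAR). It assumes the two names the article mentions correspond to the ZIP local file header name and the central directory name; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"  # ZIP local file header signature


def local_header_name(data: bytes, offset: int) -> str:
    """Return the filename stored in the local file header at `offset`."""
    if data[offset:offset + 4] != LOCAL_SIG:
        raise ValueError(f"no local file header at offset {offset}")
    # Fixed part is 30 bytes: flags at byte 6, name length at byte 26.
    (flags,) = struct.unpack_from("<H", data, offset + 6)
    (name_len,) = struct.unpack_from("<H", data, offset + 26)
    raw = data[offset + 30:offset + 30 + name_len]
    # Bit 11 of the flags marks a UTF-8 name; otherwise ZIP uses CP437.
    return raw.decode("utf-8" if flags & 0x800 else "cp437", errors="replace")


def find_name_mismatches(data: bytes) -> list[tuple[str, str]]:
    """Return (central_directory_name, local_header_name) for entries that disagree."""
    mismatches = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # infolist() reads the central directory only
            local = local_header_name(data, info.header_offset)
            if local != info.orig_filename:
                mismatches.append((info.orig_filename, local))
    return mismatches


def build_sample(tampered: bool) -> bytes:
    """Constructed fixture: one harmless entry, optionally with diverging names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FAX.png", b"placeholder bytes, not an image")
    data = buf.getvalue()
    if tampered:
        # Same-length rename of the local-header copy (first occurrence in the bytes).
        data = data.replace(b"FAX.png", b"FAX.exe", 1)
    return data


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("tampered", build_sample(True))):
        print(label, find_name_mismatches(blob))
```

Any archive for which `find_name_mismatches` returns a non-empty list can be quarantined at a mail or file gateway before a user opens it.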