WinRAR SFX archives can run PowerShell without being detected

Malcontent · Apr 3, 2023

Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system.

Researchers at cybersecurity company CrowdStrike spotted the SFX abuse during a recent incident response investigation.
Click to expand...

WinRAR SFX archives can run PowerShell without being detected

xxJackxx · Apr 6, 2023

The researchers advise users to pay particular attention to SFX archives and use appropriate software to check the content of the archive and look for potential scripts or commands scheduled to run upon extraction.
Click to expand...

I assume you would need to know the .exe was a SFX file, open it with WinRAR, but not execute it. Lots of maybes there. I also assume this is pretty easy to exploit.

Log in or Sign up

WinRAR SFX archives can run PowerShell without being detected

Malcontent Registered Member

xxJackxx Registered Member

Log in or Sign up

WinRAR SFX archives can run PowerShell without being detected

Malcontent Registered Member

xxJackxx Registered Member

Useful Searches