All crypto holders want to protect their Bitcoin and other digital assets. Unfortunately, there are a lot of potential attacks that could compromise your crypto, and no one wants this.
There’s a very worrisome Reddit thread that caught our attention, and we strongly recommend that you consider it as well. A few hours ago, a Redditor issued a severe warning regarding a WinRAR exploit and the news is confirmed by Ars Technica.
People usually don’t open random exe files, but they do open WinRAR ones. It seems that there’s a WinRAR exploit on the loose that will make millions of victims if people don’t take action as soon as possible.
How does the exploit work?
Redditor u/Kain_niaK warns crypto enthusiasts and details how this exploit works: “You open the wrong rar file with an unpatched version of WinRAR, and a payload is dropped into your windows startup folder. Which means on reboot you will load up an exe.”
The user continued and made a valid point by saying: “And nobody ever updates their WinRAR. And rar files are used intensively on usenet and also in torrents. So there are probably at least a 100 million computers with an unpatched version of WinRAR on it.”
This exploit reportedly has the ability to steal a lot of cryptos if it’s not dealt with.
It’s essential that you patch your WinRAR now and the same Redditor offers the website where you have to go and download the latest version of the app.
“Search and delete and destroy any version on your computer you can find that’s under WinRAR 5.70,” the user continues.
The Redditor goes on and says that “the .dll file that contains the actual bug is unacev2.dll because the bug is in ACE, not in WinRAR. WinRAR has just dropped support for ACE in 5.7 and removed the .dll file from their install.”
All programs that come with ACE support are vulnerable, and these include more than WinRAR – we’re also talking about Total Commander.
All computers with older versions of WinRAR have to update it to version 5.7 or higher.
A big red flag
This severe issue is just another red flag suggesting that you should definitely use a cold or hot wallet system with a separate computer that won’t be connected to the Internet.
Hackers need something really advanced in order to be able to steal Bitcoin and crypto from such a system, and this is not that easy to achieve.
The news triggered an intense debate in the comments section regarding hardware wallets, electrum wallet within TailsOS and more. We recommend that you head over to Reddit and follow the thread.