WinRAR SFX Archives Enable Undetected PowerShell Execution

April 3, 2023 at 06:20 PM

•

1 min read

WinRAR SFX Archives Enable Undetected PowerShell Execution — Photo: BleepingComputer

TL;DR Summary

Hackers are using WinRAR self-extracting archives to plant backdoors without triggering security agents on target systems. The SFX files contain harmless decoy files and are password-protected. The attackers add malicious functionality to the SFX files, allowing them to run PowerShell, Windows command prompt, and task manager with system privileges. This type of attack is likely to remain undetected by traditional antivirus software. Users are advised to use appropriate software to check the content of SFX archives and look for potential scripts or commands scheduled to run upon extraction.

Topics:technology #backdoor #cybersecurity #powershell #sfx #winrar

Share this article

WinRAR SFX archives can run PowerShell without being detected BleepingComputer
WinRAR SFX archives can run PoweShell without being detected BleepingComputer
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

84%

547 → 88 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights