Undetectable PowerShell Execution via WinRAR SFX Archives
Hackers are using WinRAR self-extracting archives to plant backdoors without triggering security agents on target systems. The SFX files contain harmless decoy files and are password-protected. The attackers add malicious functionality to the SFX files, allowing them to run PowerShell, Windows command prompt, and task manager with system privileges. This type of attack is likely to remain undetected by traditional antivirus software. Users are advised to use appropriate software to check the content of SFX archives and look for potential scripts or commands scheduled to run upon extraction.