According to a recently released post on the popular social network Reddit, a bug in WinRAR could affect crypto users around the world. Due to an outdated version of WinRAR, attackers can download to your computer a payload that will open an exe file on reboot. According to the user releasing the post, a large number of coins could be stolen with this method.
WinRAR Bug Could Affect Cryptocurrency Users
Researchers from the security firm Check Point Software discovered the initial vulnerability. Attackers could easily execute malicious code when targets opened a trapped file. This issue was found in UNACEV2.DLL which is a third-party code library that has not been updated since 2005.
The Reddit user Crypto Gold explained that there are at least 100 million computers with an unpatched version of WinRAR and that could be affected by this bug. He went on saying that the bug is in ACE, rather than WinRAR and that all software with ACE support is vulnerable.
The cryptocurrency user and Redditor recommended users to use a hardware wallet rather than a hot wallet to store digital assets. At the same time, he said that users that want to solve this issue must download the latest version of WinRAR and delete the older version from the computer.
About it, he commented:
“All of this is also again a reminder to use a cold wallet/hot wallet system with a separate computer that can not go on the internet. To steal coins from such a system you need something as advanced as Stuxnet malware. Or use a hardware wallet.”
There were some users that asked whether using hardware wallets was a good way to store virtual currencies. One of the Redditors explained that it is the safest possible way to store digital currencies since hardware wallets are disconnected from the Internet and almost unbreakable.
There have been several scams and frauds in the cryptocurrency space. For example, malware spread on the internet asking users to pay a ransom for data that was blocked to the user. In general, this data tends to be very important. If users do not pay the ransom, the funds they have to pay to tend to increase as time passes and they cannot use their computer.
It is always important to remember that the best way to store digital assets is doing so in a hardware wallet, as mentioned before.