
WinRAR SFX archives can run PowerShell without being detected

  • April 3, 2023

Jasper_The_Rasper
Moderator

April 3, 2023 By Bill Toulas

 


Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system.

Self-extracting archives (SFX) created with compression software like WinRAR or 7-Zip are essentially executables that contain archived data along with a built-in decompression stub (the code for unpacking the data). Access to these files can be password-protected to prevent unauthorized access.

The purpose of SFX files is to simplify distribution of archived data to users that do not have a utility to extract the package.

 

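A triage check for the structure described above (an executable stub followed by archived data), added here as an example and not taken from the article or from WinRAR: it walks the PE section table, finds where the stub ends, and looks for a RAR or 7-Zip signature in the data appended after it. The function names and the sample buffer are constructed for illustration, and the check assumes the archive is stored as an overlay after the last section.

```python
import struct

# Well-known archive signatures; the SFX payload starts with one of these.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x01\x00": "RAR5",
    b"Rar!\x1a\x07\x00": "RAR4",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
}

def overlay_offset(data):
    """Return the offset where PE section data ends, or None if not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return None
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                         # first section header
    end = 0
    for i in range(n_sections):
        entry = table + 40 * i
        if entry + 40 > len(data):
            return None                                    # truncated or malformed
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def detect_sfx(data):
    """Return (offset, format) of the first archive signature in the overlay, else None."""
    start = overlay_offset(data)
    if start is None:
        return None
    # Assumption: the archive is appended after the last section (PE overlay),
    # so signatures inside the stub's own sections are ignored.
    hits = [(data.find(magic, start), name) for magic, name in ARCHIVE_MAGIC.items()]
    hits = [(off, name) for off, name in hits if off != -1]
    return min(hits) if hits else None

def build_sample(overlay):
    """Constructed minimal PE-like buffer (one 32-byte section) plus an overlay."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\x00\x00\x00" + struct.pack("<IIII", 0x20, 0x1000, 0x20, 0x80) + b"\x00" * 16
    return dos + coff + sect + b"\x90" * 0x20 + overlay
```

A hit only identifies the file as a self-extracting archive; what it does on extraction still has to be reviewed by unpacking it with an archive tool rather than running it.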