To steal coins from such a system you need something as advanced as stuxnet malware. And now you can't trust it anymore, unless you update.Īll of this is also again a reminder to use a cold wallet/hot wallet system with a seperate computer that can not go on the internet. Winrar simply is a piece of software that is trusted by almost everybody. The payload tries to fool you into thinking it's teamviewer, probably not the most sophisticated malware attack but more attacks will follow. Check %appdata%\Microsoft\Windows\Start Menu\Programs\Startup\ for a file called "IntelAudio.exe" Don't get If you downloaded and opened that leaks.rar that was posted here today about a big bitfinex leak, well you are infected now. If you happen to be on any random computer with an older version of winrar, please replace it with 5.7 or higher. All software with ACE support is vulnerable which is not just winrar but also software like Total Commander among others.
Winrar has just dropped support for ACE in 5.7 and removed the. crx Chrome Extension 7-Zip (Windows) Google.
dll file that contains the actual bug is unacev2.dll because the bug is in ACE, not in winrar. This file format extension list gives an overview about the huge amount of different. Search and delete and destroy any version on your computer you can find that's under WinRAR 5.70 The plugin is featured as authomated installer/unistaller, copying all needed files to default PeaZip's installation path.
I can guarantee it.īeing safe means to PATCH YOUR WINRAR!!!!! Go to and download the latest version. This plugin allows PeaZip (1.9.1 or more recent) to handle ACE archives for flat browsing, extraction and test. So this is going to steal a shitload of coins. So there are probably at least a 100 million computers with an unpatched version of winrar on it.
And rar files are used intensively on usenet and also in torrents. Which means on reboot you will load up an exe.Īnd nobody ever updates their winrar. You open the wrong rar file with an unpatched version of winrar and a payload is dropped in to your windows startup folder. Well there is a winrar exploit now, that is going to make millions of victims. You don't open random exe files from the internet? Might even drop an exe in to before you open it if youĪre doubting to see how the rest of the internet feels about that file.īut you probably don't think twice about opening winrar file.