Russian hackers are using WinRAR as a cyberweapon against Ukraine

While it is true that almost any object can be used as a weapon in an extreme case, this seems to carry over to the digital domain as well: as we read in BleepingComputer, Russian hackers have managed to get hold of VPN accounts and later make use of WinRAR as if it were malware/ransomware.

However, its operation is more rudimentary: it relies on a script called RoarBAT, written in BAT as its name indicates, which searches for files in the formats doc, docx, rtf, txt, xls, xlsx, ppt, pptx, vsd, vsdx, pdf, png, jpeg, jpg, zip, rar, 7z, mp4, sql, php, vbk, vib, vrb, p7s, sys, dll, exe, bin and dat, and archives them with WinRAR using the “-df” option.

This option deletes the source files after archiving is complete, so at that point the only existing copy of the files is the archived one. RoarBAT later deletes this copy as well, making the files disappear. This happens periodically, since RoarBAT is executed through a scheduled task.
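A detection example for the behaviour described above, added here and not taken from the article or its source: it scans process-creation records for RAR/WinRAR runs that remove their input files. The event layout, host names and sample records are constructed; beyond the article's “-df”, it also flags RAR's “-dw” switch and the m/mf move commands, which remove source files too.

```python
import shlex
from ntpath import basename  # parses Windows paths on any OS

# Assumed for this example: field names, host names and records are constructed.
RAR_IMAGES = {"rar.exe", "winrar.exe"}
DELETE_SWITCHES = ("-df", "-dw")  # delete / wipe source files after archiving
MOVE_COMMANDS = ("m", "mf")       # "move to archive" also removes the sources

SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\WinRAR\Rar.exe",
     "command_line": r'"C:\Program Files\WinRAR\Rar.exe" a -df C:\Temp\o.rar C:\Users\*.docx'},
    {"host": "ws-02", "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "command_line": r'"C:\Program Files\WinRAR\WinRAR.exe" x C:\Downloads\report.rar'},
    {"host": "ws-03", "image": r"C:\Tools\rar.exe",
     "command_line": r"rar.exe A -DF backup.rar D:\share\*.xlsx"},
    {"host": "ws-04", "image": r"C:\Tools\rar.exe",
     "command_line": r"rar.exe m old.rar C:\data\*.sql"},
    {"host": "ws-05", "image": r"C:\Tools\rar.exe",
     "command_line": r"rar.exe a notes.rar -- -df"},  # "-df" is a file name here
]

def tokenize(command_line):
    """Split a Windows command line, keeping backslashes literal."""
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quote: fall back to a whitespace split
        tokens = command_line.split()
    return [t.strip('"') for t in tokens]

def destructive_rar_reason(event):
    """Return why the event looks like archive-then-delete, or None."""
    if basename(event["image"]).lower() not in RAR_IMAGES:
        return None
    args = [t.lower() for t in tokenize(event["command_line"])[1:]]
    if "--" in args:  # RAR stops scanning for switches after "--"
        args = args[:args.index("--")]
    for switch in DELETE_SWITCHES:
        if switch in args:
            return "switch " + switch
    if args and args[0] in MOVE_COMMANDS:
        return "command " + args[0]
    return None

def scan(events):
    """List (host, reason) for every event that removes its input files."""
    return [(e["host"], r) for e in events if (r := destructive_rar_reason(e))]

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_EVENTS):
        print(f"{host}: RAR removes its input files ({reason})")
```

Matching on the image name misses a renamed binary, so where the telemetry records the executable's original file name, match on that as well.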

For computers running Linux, a similar attack vector exists via Bash and the dd tool; both have ended up wiping out a large amount of data from government computers. The system used for deletion puts on the table the possibility of recovering, at least, the compressed files, but it’s still a problem.
