The free online archive extractor and virus / malware scanner

RAR Files Used for Malicious Actions


What is a RAR File? Disambiguation.

Before understanding how a RAR file can be used for performing malicious activities, you must familiarize yourself with what exactly is a RAR file, first. Basically, it is an archive type of file – a container for keeping a bulk of other files together. That makes its usage highly accessible and useful, and it is one of the most widely used archive file formats to this day. Developed by a Russian software engineer, the archive bears his name, hence it’s called RAR (Roshal Archive).

How can a RAR File be Used for Malicious Actions?

RAR files have a few extensions, and can have more than one use. People usually use them to send documents, pictures and similar types of data. However, RAR files break into the extensions .rar and .rev, where the former is the more widely used extension and the latter is used for recovery volume set. If you see an extension .r01 or with other numbers, know that is how past versions of RAR made multi-volume archives.

Malware creators nowadays search for more simple, yet effective ways for distributing their malware such as viruses, ransomware, Trojans etc. To do that, they have to think of ways to pass the scanners of security software, be it Anti-virus, anti-malware applications, as well as some other defense mechanisms. In many cases, they put malicious code inside file types used in a daily basis, which to be fully assembled upon a certain action completes.

To obfuscate that code and make it hard for security software to detect it, a RAR file is being used, sometimes even more than once. For instance, a few files that contain the malicious script that assembles a virus, or downloads its files once executed, is enclosed inside a .rar archive, which itself is put inside another .rar file. Not all security mechanisms detect that, and even some AV scanners don’t detect files wrapped in multiple archives. Moreover, cybercriminals use this type of hiding their malware, because it is very easy and accessible, plus the fact that almost everybody uses RAR files to send out files.