The 19-year-old vulnerability was disclosed by checkpoint security researchers last week, the v ulnerability resides in the WinRAR UNACEV2.DLL library. Vulnerability can be exploited by an attacker with specially crafted ACE archive and to extract the file in windows startup folder to gain the persistence and to get launched automatically once the user logged in to the computer. The backdoor is generated MSF and it extracts to users startup folder. The malware gets extracted to CMSTray.exe and it will be launched upon next login.”]
Source: https://gbhackers.com/first-malspam-campaign-winrar/