
Beware of WinRAR Archive .R01, .R05, .R15, .R20, .R25 Malicious Email Attachments


Online users who have received unexpected email messages with attached files whose names end with ".r01", ".r02", ".r03", ".r05", ".r10", ".r12", ".r15", ".r20", ".r25" and so on are asked not to open them. The fake email messages are being sent by cyber criminals, and the attachments are WinRAR compressed archive files that contain malware, malicious programs or computer viruses. Any attempt to open the malicious attachments will result in the recipients getting their computers infected with a virus, Trojan horse, spyware, ransomware or other malware.


A Malicious WinRAR Archive .R01... Email Message

Subject: INVOICE NO 3
Date: Tue 15/08/2017 08:07
From: Sadiya Sayeed
Attachment: INVOICE NO 3.r20

Dear sir/madam,

Find and open attached document by double clicking it, because document is protected.

advice according invoice.

best regards


Sadia Saeed

Sales & Technical Manager

Mobile: +63 926 618 1579

+63 998 889 2257

Tel: +63 442 4295


The .RAR compression format is similar to ZIP, which is the most popular file compression or archive format.

Cyber criminals usually store their malware in compressed files to help prevent antivirus software from detecting them. In other words, they do it because the compressed malicious email attachments may bypass the recipients' antivirus software.

What is a ".RAR" file?

RAR is the native format of the WinRAR archiver. Like other archives, RAR files are data containers: they store one or several files in compressed form. Split multi-volume RAR archives use file names ending with:

".r01", ".r02", ".r03", ".r04", ".r05", ".r06", ".r07", ".r08", ".r09", ".r10", ".r11", ".r12", ".r13", ".r14", ".r15", ".r16", ".r17", ".r18", ".r19", ".r20", ".r21", ".r22", ".r23", ".r24", ".r25", ".r26", ".r27", ".r28", ".r29", ".r30" and so on.

After you have downloaded a RAR file from the Internet, you need to unpack its contents in order to use it.
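For mail administrators, the check below is an added example (not part of the original alert) showing how a gateway could flag attachments that use the volume extensions listed above or that begin with a RAR signature. The function names, the "quarantine"/"review" labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# RAR 4.x and RAR 5.0 archive signatures; both begin with "Rar!\x1a\x07".
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Old-style split-volume extensions named in the article: .r00 to .r99.
VOLUME_EXT = re.compile(r"\.r\d{2}$", re.IGNORECASE)


def scan_message(raw: bytes) -> list:
    """Return one finding per attachment that looks like a RAR volume."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # message body or multipart container, not an attachment
        payload = part.get_payload(decode=True) or b""
        by_name = bool(VOLUME_EXT.search(name))
        by_magic = payload.startswith(RAR_MAGICS)
        if not (by_name or by_magic):
            continue
        # Assumed policy: a volume extension with real RAR content is
        # quarantined; a name-only or content-only match goes to manual review.
        action = "quarantine" if (by_name and by_magic) else "review"
        findings.append({"filename": name, "volume_ext": by_name,
                         "rar_magic": by_magic, "action": action})
    return findings


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["Subject"] = "INVOICE NO 3"
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m.set_content("Find and open attached document.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("INVOICE NO 3.r20", RAR_MAGICS[0] + b"\x00" * 32)
    for finding in scan_message(sample):
        print(finding)
```

Checking the leading bytes as well as the name catches a RAR archive that has been renamed to some other extension.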


Remember to forward malicious or phishing email messages to us at the following email address: info@onlinethreatalerts.com


Comments, Questions and Reviews

  • Posted: Nov 22, 2017 by info

    Here is another scam:

    -- -- --
    "RE: Quotation
    Wed 22/11/2017 16:34
    From: Fred
    Attachment: Quotation.r12 (265 KB)

    I have tried reaching you but no response.
    This is my alternative email.

    Kindly check if the attached quotation is still valid?
    Your prompt reply is highly appreciated.

    Thanks in advance.


