🔍 Summary:
A severe zero-day vulnerability in the popular WinRAR file compression software has been actively exploited by two Russian cybercrime groups, according to security firm ESET. The vulnerability allows attackers to backdoor computers by getting users to open malicious archives sent via personalized phishing emails. ESET first detected suspicious activity on July 18 and identified the vulnerability by July 24, promptly notifying WinRAR developers, who issued a fix six days later.
The exploit, now known as CVE-2025-8088, leverages a path traversal flaw in WinRAR by abusing Windows’ alternate data streams to execute malicious code in normally protected Windows directories. This vulnerability was exploited by the RomCom group, a well-resourced, financially motivated Russian crime group known for its sophisticated cyber operations. This marks at least the third instance of RomCom exploiting zero-day vulnerabilities.
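A defender-side illustration of the flaw class described above, added here and not taken from ESET, WinRAR or the article: a check an extractor could apply to each entry name before writing anything to disk. The `audit_entry` and `split_stream` helpers, the `name:stream` entry form, the extraction root and the sample names are assumptions constructed for this example.

```python
import ntpath  # Windows path rules, usable on any platform

def split_stream(entry):
    """Split 'dir\\file.txt:stream' into (file path, stream name or None)."""
    drive, rest = ntpath.splitdrive(entry)   # keep 'C:' out of the stream split
    path, sep, stream = rest.partition(":")
    return drive + path, (stream if sep else None)

def has_dotdot(text):
    """True if any path component is exactly '..'."""
    return ".." in text.replace("/", "\\").split("\\")

def audit_entry(root, entry):
    """Return the reasons an entry must not be written under root (empty = ok)."""
    reasons = []
    path, stream = split_stream(entry)
    root_n = ntpath.normpath(root)
    target = ntpath.normpath(ntpath.join(root_n, path))
    if has_dotdot(path):
        reasons.append("dot-dot component in file path")
    # Absolute paths and other drives make join() discard the root entirely.
    if not target.lower().startswith(root_n.lower() + "\\"):
        reasons.append("target outside extraction root")
    if stream is not None:
        # Policy assumed here: a stream name is a plain name, never a path.
        if has_dotdot(stream):
            reasons.append("dot-dot component in stream name")
        if "\\" in stream or "/" in stream:
            reasons.append("path separator in stream name")
    return reasons

# Constructed entry names for the demo; not taken from the reported samples.
ROOT = "C:\\Users\\u\\extract"
SAMPLES = [
    "docs\\cv.pdf",
    "docs\\cv.pdf:Zone.Identifier",
    "..\\..\\outside.txt",
    "C:\\Windows\\x.dll",
    "docs\\cv.pdf:..\\..\\outside\\payload.bin",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", audit_entry(ROOT, name) or "ok")
```

An entry that returns any reason should be skipped and logged rather than sanitised and written, so that a rejected archive leaves evidence for triage.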
Interestingly, another group identified as Paper Werewolf by Russian security firm Bi.ZONE was also found exploiting the same WinRAR vulnerability. Paper Werewolf, also known as GOFFEE, used the exploit to deliver malware through emails impersonating employees from a Russian research institute, aiming to gain access to infected systems.
ESET observed multiple execution chains in the attacks, including one that used a malicious DLL file to execute a payload through COM hijacking, and others that delivered different malware known to be associated with RomCom. These attacks highlight the ongoing risk posed by WinRAR vulnerabilities, a risk made worse because the software has no automated update mechanism and users must install patches manually.
Given the continuous emergence of WinRAR zero-days and the software’s extensive user base, users are advised to ensure they are using the latest version of WinRAR, which includes fixes for known vulnerabilities.
📌 Source: https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
