Tag

Winrar

All articles tagged with #winrar

technology · 5 months ago

Multiple Threat Actors Exploit WinRAR Zero-Day in Global Attacks

A critical zero-day vulnerability in WinRAR, CVE-2025-8088, was exploited for weeks by the Russia-aligned RomCom group and by Paper Werewolf through malicious archives delivered in phishing attacks. The path traversal flaw was used to plant malicious files where they would run automatically; RARLAB patched it within six days of being notified. Burning a zero-day on these campaigns points to the sophistication and resource investment of the attackers.

cybersecurity · 5 months ago

Russian Hackers Exploit WinRAR Zero-Day to Spread RomCom Malware

Russia-linked attackers exploited a high-severity WinRAR vulnerability (CVE-2025-8088) before it was patched, in targeted spearphishing campaigns against companies in Europe and Canada. The flaw is a path traversal: a crafted archive carries NTFS alternate data streams (ADSes) whose names walk out of the extraction directory, so extracting the archive drops files into locations such as the user's Startup folder and leads to deployment of backdoors including a Mythic agent, SnipBot, and RustyClaw. Multiple threat groups, including RomCom and Paper Werewolf, have used the zero-day in targeted attacks, underlining the importance of timely updates and vigilance.

technology · 5 months ago

WinRAR Zero-Day Exploits Lead to Widespread Malware Attacks

Researchers revealed that the Russia-aligned RomCom group exploited a previously unknown WinRAR path traversal vulnerability (CVE-2025-8088) in July 2025 to deliver malware via malicious archives, prompting RARLAB to release a patch. The attack hid malicious files in alternate data streams so that they were written outside the intended folder when the archive was extracted, and multiple malware families were identified. Users are advised to update WinRAR manually, since it has no auto-update feature.

security · 5 months ago

Urgent: WinRAR Zero-Day Exploits Enable Malware and Phishing Attacks

WinRAR's developer has released version 7.13 to fix a critical zero-day vulnerability (CVE-2025-8088), actively exploited in the wild, that lets attackers execute arbitrary code through malicious archive files. The path traversal flaw has been linked to recent attacks by threat groups such as Paper Werewolf, which targeted Russian organizations via phishing. Users are urged to update to the latest version immediately; WinRAR does not update itself.

technology · 5 months ago

Critical WinRAR Vulnerability Used in Malware and Phishing Attacks

A critical vulnerability in WinRAR for Windows (CVE-2025-8088) lets attackers craft archives that, when extracted, write files into arbitrary folders, including the user's Startup directory, so the planted code runs automatically at the next logon. The flaw has been exploited in phishing campaigns by the RomCom cyber-espionage group. Users are urged to update manually to WinRAR 7.13 to close the hole.
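One check a defender can run over inbound archives for the flaw described in the five entries above, added here as an example and not code from RARLAB, ESET or any of the linked articles: a minimal RAR 5.0 parser that walks the block headers and flags any file name or NTFS alternate data stream name containing `..`, an absolute path or a drive letter. It assumes an ADS is stored as an "STM" service header whose subdata extra record holds the stream name, which is how the RAR5 format lays it out; the sample archive, its decoy entry and the Startup-folder stream name are constructed for the demo. Only unencrypted RAR5 headers are handled; RAR4 archives and archives with encrypted headers are out of scope.

```python
"""Scan a RAR 5.0 archive for file or NTFS alternate data stream (ADS) names
containing path traversal, the pattern abused in CVE-2025-8088. Added example,
not RARLAB or ESET code. Assumption: an ADS is stored as an "STM" service
header whose subdata extra record holds the stream name (RAR5 layout)."""
import re, struct, zlib

RAR5_SIG = b"Rar!\x1a\x07\x01\x00"
HEAD_MAIN, HEAD_FILE, HEAD_SERVICE, HEAD_ENDARC = 1, 2, 3, 5
HFL_EXTRA, HFL_DATA = 0x0001, 0x0002   # general header flags
FFL_MTIME, FFL_CRC32 = 0x0002, 0x0004  # file header flags
EXTRA_SUBDATA = 0x07                   # extra record type carrying service data

def read_vint(buf, pos):
    """Decode a RAR5 vint: 7 data bits per byte, LSB first, high bit = more."""
    val, shift = 0, 0
    while buf[pos] & 0x80:
        val |= (buf[pos] & 0x7F) << shift
        shift, pos = shift + 7, pos + 1
    return val | (buf[pos] << shift), pos + 1

def vint(n):
    """Encode an int as a RAR5 vint (sample builder only)."""
    return bytes([n]) if n < 0x80 else bytes([n & 0x7F | 0x80]) + vint(n >> 7)

def iter_blocks(data):
    """Yield (header type, type-specific body, extra area) for every block."""
    if not data.startswith(RAR5_SIG):
        raise ValueError("not a RAR 5.0 archive")
    pos = len(RAR5_SIG)
    while pos + 4 < len(data):
        crc = struct.unpack_from("<I", data, pos)[0]
        hsize, p = read_vint(data, pos + 4)
        hend = p + hsize
        if zlib.crc32(data[pos + 4:hend]) != crc:  # CRC spans size field..header end
            raise ValueError("header CRC mismatch at offset %d" % pos)
        htype, p = read_vint(data, p)
        hflags, p = read_vint(data, p)
        extra_size, p = read_vint(data, p) if hflags & HFL_EXTRA else (0, p)
        data_size, p = read_vint(data, p) if hflags & HFL_DATA else (0, p)
        yield htype, data[p:hend - extra_size], data[hend - extra_size:hend]
        pos = hend + data_size  # skip the packed data that follows the header

def entry_name(body):
    """Pull the name out of a file or service header body."""
    fflags, p = read_vint(body, 0)
    p = read_vint(body, read_vint(body, p)[1])[1]  # skip unpacked size, attributes
    p += (4 if fflags & FFL_MTIME else 0) + (4 if fflags & FFL_CRC32 else 0)
    p = read_vint(body, read_vint(body, p)[1])[1]  # skip compression info, host OS
    nlen, p = read_vint(body, p)
    return body[p:p + nlen].decode("utf-8", "replace")

def extra_records(extra):
    """Yield (record type, record data) from a header's extra area."""
    p = 0
    while p < len(extra):
        rsize, p = read_vint(extra, p)  # size counts from the type field onward
        rtype, q = read_vint(extra, p)
        yield rtype, extra[q:p + rsize]
        p += rsize

def is_traversal(name):
    """True if a stored name would escape the extraction directory."""
    parts = name.replace("\\", "/").split("/")
    return ".." in parts or name[:1] in ("/", "\\") or bool(re.match(r"[A-Za-z]:", name))

def stored_names(data):
    """Yield (entry, name) for every file name and every ADS name of that file."""
    current = None
    for htype, body, extra in iter_blocks(data):
        if htype == HEAD_FILE:
            current = entry_name(body)
            yield current, current
        elif htype == HEAD_SERVICE and entry_name(body) == "STM":
            for rtype, rdata in extra_records(extra):  # STM follows its file
                if rtype == EXTRA_SUBDATA:
                    yield current, rdata.decode("utf-8", "replace")

def scan(data):
    """Return [(archive entry, offending name)] for every traversal found."""
    return [(entry, name) for entry, name in stored_names(data) if is_traversal(name)]

def _block(htype, body, extra=b"", payload=b""):
    """Assemble one RAR5 block with a valid header CRC (sample builder only)."""
    hdr = vint(htype) + vint((HFL_EXTRA if extra else 0) | (HFL_DATA if payload else 0))
    hdr += (vint(len(extra)) if extra else b"") + (vint(len(payload)) if payload else b"")
    sized = vint(len(hdr) + len(body) + len(extra)) + hdr + body + extra
    return struct.pack("<I", zlib.crc32(sized)) + sized + payload

def _file_body(name, size):
    """File/service header body: flags 0, stored, Windows host, no mtime/CRC."""
    return vint(0) + vint(size) + vint(0x20) + vint(0) + vint(0) + vint(len(name)) + name

def sample_archive():
    """Constructed sample, not a real capture: a decoy file plus an STM entry
    whose ADS name climbs into the user's Startup folder."""
    ads = b"..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk"
    subdata = vint(len(ads) + 1) + vint(EXTRA_SUBDATA) + ads
    return (RAR5_SIG + _block(HEAD_MAIN, vint(0))
            + _block(HEAD_FILE, _file_body(b"CV.pdf", 5), payload=b"decoy")
            + _block(HEAD_SERVICE, _file_body(b"STM", 4), subdata, b"stub")
            + _block(HEAD_ENDARC, vint(0)))
```

Running `scan(sample_archive())` returns one finding, pairing the harmless-looking `CV.pdf` entry with the stream name that climbs into the Startup folder; against a real archive, call `scan(open(path, "rb").read())`. The CRC check matters in practice: a mail gateway that silently skips a header with a bad CRC can be steered past the very block carrying the payload, so the scanner refuses to continue rather than guess.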

cybersecurity · 2 years ago

DarkCasino: APT Threat Exploiting WinRAR Flaw Uncovered by Experts

DarkCasino, a financially motivated advanced persistent threat (APT) group, has been identified exploiting a recently disclosed WinRAR flaw (CVE-2023-38831) as a zero-day. The group, previously associated with phishing campaigns, has demonstrated strong technical ability and a focus on stealing online assets. Its origin is unknown, but its attacks have targeted users of online financial services and cryptocurrencies worldwide. Other threat actors, including APT28, APT29, and Sandworm, have also exploited the WinRAR vulnerability, adding uncertainty to the APT threat picture for the second half of 2023.

cyber-threat-vulnerability · 2 years ago

WinRAR Vulnerability Exposes Users to State-Backed Threat Actors

State-backed threat actors from Russia and China have been exploiting a security flaw in the WinRAR archiver tool for Windows, known as CVE-2023-38831, which allows arbitrary code execution. Google Threat Analysis Group (TAG) has identified three different clusters involved in the exploitation: FROZENBARENTS (aka Sandworm), FROZENLAKE (aka APT28), and ISLANDDREAMS (aka APT40). These threat actors have been launching phishing campaigns and distributing malicious ZIP files containing the exploit to target organizations in Ukraine and Papua New Guinea. The attacks result in the deployment of various malware, including commodity stealers and backdoors. The widespread exploitation of this known vulnerability highlights the effectiveness of such exploits, even when patches are available.

cybersecurity · 2 years ago

WinRAR Security Vulnerability Exploited by Russian and Chinese Hackers

Government-backed hackers from Russia and China have been exploiting a known vulnerability in outdated versions of WinRAR, a compression tool with more than 500 million users. The flaw lets an attacker hide a malicious script behind a seemingly harmless file, such as an image, so that opening the decoy runs the script. Google's Threat Analysis Group (TAG) has identified groups including Sandworm, linked to Russia's military intelligence (GRU), and China's APT40 exploiting it in targeted campaigns. Google urges users to update WinRAR to the latest version and stresses that regular software updates remain a cornerstone of basic cyber hygiene.

cybersecurity · 2 years ago

WinRAR's Security Vulnerability Exploited by Russian and Chinese Hackers

Google security researchers have discovered evidence that government-backed hackers linked to Russia and China are exploiting a previously patched vulnerability in WinRAR, a popular archiving tool for Windows. The vulnerability, known as CVE-2023-38831, allows attackers to hide malicious scripts in archive files. Despite an updated version of WinRAR being released, multiple state-backed hacking groups, including Sandworm and Fancy Bear from Russia, and APT40 from China, have been observed exploiting the flaw in targeted phishing campaigns. The ongoing exploitation of this bug highlights the effectiveness of known vulnerability exploits due to slow patching rates.

technology · 2 years ago

WinRAR Vulnerability Exploited by State-Sponsored Hackers

Multiple government-backed hacking groups have been exploiting a WinRAR vulnerability since early 2023, prompting Google's Threat Analysis Group (TAG) to issue a warning; RARLAB shipped the fix in WinRAR 6.23. The bug lets attackers execute arbitrary code when a Windows user opens certain files inside a ZIP archive. Despite the patch, many users remain vulnerable because WinRAR has no auto-update feature. The exploit has also been used to target cryptocurrency trading accounts. Users are advised to download and install the latest WinRAR manually, or to rely on Windows 11's native support for RAR and 7-Zip archives.

technology · 2 years ago

Windows 11 Enhancements: RAR Support, Mind-Reading Settings, Default Browser Respect, Hover Search, and Redesigned Homepage

Windows 11's upcoming version 23H2 will introduce native support for RAR, TAR, 7Z, and other file compression formats, eliminating the need for third-party apps. However, tests comparing the updated File Explorer to popular apps like WinRAR and NanaZIP revealed that the native support in File Explorer is significantly slower and less convenient. While it may suffice for occasional users, frequent archive users are unlikely to abandon dedicated apps due to their superior performance and additional features. Nonetheless, Microsoft's implementation of native archive support in Windows 11 is a step towards improving the user experience.

cybersecurity · 2 years ago

WinRAR Zero-Day Exploit: Protect Your Accounts and Patch Now!

A zero-day vulnerability in the popular file-compression program WinRAR was actively exploited for four months by unknown attackers before a fix shipped. It lets attackers run malicious code when a target opens a booby-trapped JPG or other innocuous-looking file inside a ZIP archive. The attackers used the exploit to install malware including DarkMe, GuLoader, and Remcos RAT, and to withdraw money from victims' broker accounts. The total number of victims and the financial losses are unknown, but at least 130 individuals were compromised. WinRAR's developers have released a fix; users should update to version 6.23.
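As an added example for the CVE-2023-38831 entries above (not code from the page, Google TAG or RARLAB), a scan for the bait layout those attacks used: the archive pairs a decoy file with a folder of the same name, usually differing only by a trailing space, and the folder holds a script named after the decoy; when a user double-clicks the decoy in a vulnerable WinRAR, the script runs instead of the file. The sample archives, their entry names and contents are constructed inline for the demo.

```python
"""Flag ZIP archives laid out like CVE-2023-38831 bait: a decoy file and a
folder that share a name (classically differing only by a trailing space),
the folder holding a script whose name starts with the decoy's. Added
example, not code from the page or from RARLAB; archives are built inline."""
import io
import zipfile

SCRIPT_EXTS = (".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".lnk")


def _split(path):
    """Return (parent directory, base name) for an archive member path."""
    return path.rsplit("/", 1) if "/" in path else ("", path)


def bait_pairs(names):
    """Return [(decoy, script)] pairs matching the decoy-plus-folder layout."""
    files = [n for n in names if not n.endswith("/")]
    pairs = []
    for script in files:
        if "/" not in script or not script.lower().endswith(SCRIPT_EXTS):
            continue
        folder, child = script.rsplit("/", 1)
        parent, base = _split(folder)
        for decoy in files:
            dparent, dbase = _split(decoy)
            # Decoy and folder must be siblings whose names match once trailing
            # spaces are ignored, and the script must be named after the decoy.
            if (dparent == parent and dbase.rstrip() == base.rstrip()
                    and child.lower().startswith(dbase.rstrip().lower())):
                pairs.append((decoy, script))
    return pairs


def trailing_space_names(names):
    """Members with a path component ending in whitespace. Windows strips such
    trailing spaces when creating files, so inside an archive they are a cheap
    red flag on their own."""
    return [n for n in names if any(c != c.rstrip() for c in n.rstrip("/").split("/"))]


def scan_zip(data):
    """Scan ZIP bytes; returns (bait pairs, member names with trailing whitespace)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return bait_pairs(names), trailing_space_names(names)


def _build(entries):
    """Build an in-memory ZIP from (name, content) pairs (sample builder only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries:
            zf.writestr(name, content)
    return buf.getvalue()


def bait_archive():
    """Constructed sample of the bait layout (not a real malicious file)."""
    return _build([
        ("Screenshot.jpg ", b"\xff\xd8\xff\xe0 decoy image bytes"),
        ("Screenshot.jpg /Screenshot.jpg .cmd", b"@echo off\r\nstart calc.exe\r\n"),
        ("Screenshot.jpg /Screenshot.jpg", b"\xff\xd8\xff\xe0 real image copy"),
    ])


def benign_archive():
    """Constructed sample of an ordinary archive with no such layout."""
    return _build([
        ("photos/beach.jpg", b"\xff\xd8\xff\xe0 beach"),
        ("photos/notes.txt", b"holiday notes"),
        ("setup/install.cmd", b"@echo off\r\necho installing\r\n"),
    ])
```

`scan_zip(bait_archive())` reports the decoy paired with the `.cmd` inside the same-named folder, and lists all three members because every one of them carries a trailing space in a path component; `scan_zip(benign_archive())` returns two empty lists, since a script living in an ordinary subfolder is not, by itself, suspicious. The name-based match is deliberately case-insensitive and ignores trailing whitespace, since that is exactly the ambiguity the vulnerable WinRAR versions resolved in the attacker's favour.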

cybersecurity · 2 years ago

WinRAR Security Flaw Exposes PCs to Remote Code Execution

A high-severity security flaw has been discovered in the WinRAR utility, allowing potential remote code execution on Windows systems. The vulnerability, tracked as CVE-2023-40477, is caused by improper validation while processing recovery volumes. Exploiting the flaw requires user interaction, such as visiting a malicious page or opening a booby-trapped archive file. The issue has been addressed in WinRAR 6.23, released on August 2, 2023. Users are advised to update to the latest version to mitigate potential threats.