Tag

Winrar

All articles tagged with #winrar

Amaranth-Dragon weaponizes WinRAR flaw for Southeast Asian espionage campaigns
security · 27 days ago

Check Point Research ties Amaranth-Dragon to APT-41, detailing 2025 campaigns across Southeast Asia against government and law-enforcement entities that exploited the WinRAR CVE-2025-8088 flaw via weaponized archives to drop and execute malicious payloads. The operations use the Amaranth Loader to deploy Havoc C2 and later the TGAmaranth RAT, which relies on a Telegram-based C2 and geo-restricted infrastructure and includes anti-EDR techniques. The attacks show how quickly new vulnerabilities are exploited and underscore the need for prompt patching, awareness of phishing that delivers weaponized archives, and defense-in-depth for regional governments and critical services.

WinRAR CVE-2025-8088 Seized by State and Criminal Actors After Patch
technology · 1 month ago

Google's Threat Intelligence Group reports active exploitation of WinRAR CVE-2025-8088 by both state-backed and financially motivated actors, even after a patch (WinRAR 7.13, July 30, 2025). The flaw is used for initial access via path traversal that drops a malicious LNK into the Windows Startup folder from an alternate data stream (ADS), with campaigns tied to RomCom/UNC4895, UNC2596 (Cuba ransomware), Sandworm, Gamaredon, Turla, and a China-based actor delivering Poison Ivy, and with payloads including SnipBot, AsyncRAT, XWorm and even browser extensions targeting Brazilian banking sites. The widespread activity points to an active underground market for exploits and persistent defense gaps; a separate flaw, CVE-2025-6218, is also being exploited by multiple groups.

WinRAR ADS path-traversal flaw drives ongoing global intrusions
security · 1 month ago

Security researchers warn that WinRAR CVE-2025-8088, a high-severity path-traversal flaw abusing Alternate Data Streams to drop payloads, remains actively exploited by both state-backed groups and financially motivated criminals. The exploit chain hides malicious ADS inside decoy files and uses directory traversal to drop LNK/HTA/BAT/CMD payloads that execute on login. Actors such as RomCom/UNC4895, APT44, TEMP.Armageddon, Turla, and China-linked groups have used it for espionage and malware delivery, while criminals distribute RATs and info-stealers, with exploits marketed by underground actors. The activity underscores exploit commoditization and emphasizes the need to patch WinRAR promptly to mitigate ongoing risk.

Multiple Threats Exploit WinRAR Zero-Day in Global Attacks
technology · 6 months ago

A critical zero-day vulnerability in WinRAR has been actively exploited for weeks by two Russian cybercrime groups, RomCom and Paper Werewolf, through malicious archives in phishing attacks. The vulnerability, CVE-2025-8088, was exploited to plant malicious files and was patched within six days of discovery, highlighting the sophistication and resource investment of the attackers.

Russian Hackers Exploit WinRAR Zero-Day to Spread RomCom Malware
cybersecurity · 6 months ago

Russia-linked attackers exploited a high-severity WinRAR vulnerability (CVE-2025-8088) before it was patched, using targeted spearphishing campaigns against European and Canadian companies. The vulnerability is a path-traversal flaw exploited via malicious archives containing alternate data streams (ADSes), leading to malware deployment and backdoors such as Mythic, SnipBot, and RustyClaw. Multiple threat groups, including RomCom and Paper Werewolf, have used this zero-day in targeted attacks, highlighting the importance of timely updates and vigilance.

WinRAR Zero-Day Exploits Lead to Widespread Malware Attacks
technology · 6 months ago

Researchers revealed that the Russian RomCom hacking group exploited a previously unknown WinRAR path traversal vulnerability (CVE-2025-8088) in July 2025 to deliver malware via malicious archives, leading to the release of a patch by WinRAR. The attack involved hiding malicious files in alternate data streams and executing malware upon archive extraction, with multiple malware families identified. Users are advised to update WinRAR manually as it lacks an auto-update feature.

Urgent: WinRAR Zero-Day Exploits Enable Malware and Phishing Attacks
security · 6 months ago

WinRAR has released version 7.13 to fix a critical zero-day vulnerability (CVE-2025-8088) actively exploited in the wild, which could allow attackers to execute arbitrary code through malicious archive files. The vulnerability, a path-traversal flaw, has been linked to recent attacks by threat groups such as Paper Werewolf, targeting Russian organizations via phishing. Users are urged to update to the latest version immediately to mitigate the risk.

Critical WinRAR Vulnerability Used in Malware and Phishing Attacks
technology · 6 months ago

A critical security vulnerability in WinRAR for Windows (CVE-2025-8088) allows attackers to craft malicious archive files that place malware in system folders, including startup directories, so that the malicious code runs automatically at startup. The flaw has been exploited in phishing campaigns by the RomCom cyber-espionage group. Users are urged to update manually to WinRAR version 7.13 Final to patch the vulnerability.

DarkCasino: APT Threat Exploiting WinRAR Flaw Uncovered by Experts
cybersecurity · 2 years ago

DarkCasino, an economically motivated Advanced Persistent Threat (APT) group, has been identified as exploiting a recently disclosed security flaw in WinRAR as a zero-day. The group, previously associated with phishing campaigns, has demonstrated strong technical abilities and a desire to steal online property. The exact origin of DarkCasino is unknown, but its attacks have targeted users of online financial services and cryptocurrencies worldwide. Multiple threat actors, including APT28, APT29, and Sandworm, have also exploited the WinRAR vulnerability, adding uncertainty to the APT threat outlook for the second half of 2023.

WinRAR Vulnerability Exposes Users to State-Backed Threat Actors
cyber-threat-vulnerability · 2 years ago

State-backed threat actors from Russia and China have been exploiting a security flaw in the WinRAR archiver tool for Windows, known as CVE-2023-38831, which allows arbitrary code execution. Google Threat Analysis Group (TAG) has identified three different clusters involved in the exploitation: FROZENBARENTS (aka Sandworm), FROZENLAKE (aka APT28), and ISLANDDREAMS (aka APT40). These threat actors have been launching phishing campaigns and distributing malicious ZIP files containing the exploit to target organizations in Ukraine and Papua New Guinea. The attacks result in the deployment of various malware, including commodity stealers and backdoors. The widespread exploitation of this known vulnerability highlights the effectiveness of such exploits, even when patches are available.

WinRAR Security Vulnerability Exploited by Russian and Chinese Hackers
cybersecurity · 2 years ago

Government-backed hackers from Russia and China have been exploiting a known vulnerability in outdated versions of WinRAR, a popular compression tool used by over 500 million users. The vulnerability allows hackers to spoof file extensions and hide malicious scripts within seemingly harmless files. Google's Threat Analysis Group (TAG) has identified hacker groups, including the Russian Armed Forces group "Sandworm" and China's "APT 40," exploiting this vulnerability in targeted campaigns. Google urges users to update their WinRAR software to the latest version to protect against these attacks and emphasizes the importance of regular software updates for cybersecurity.

WinRAR's Security Vulnerability Exploited by Russian and Chinese Hackers
cybersecurity · 2 years ago

Google security researchers have discovered evidence that government-backed hackers linked to Russia and China are exploiting a previously patched vulnerability in WinRAR, a popular archiving tool for Windows. The vulnerability, known as CVE-2023-38831, allows attackers to hide malicious scripts in archive files. Despite an updated version of WinRAR being released, multiple state-backed hacking groups, including Sandworm and Fancy Bear from Russia, and APT40 from China, have been observed exploiting the flaw in targeted phishing campaigns. The ongoing exploitation of this bug highlights the effectiveness of known vulnerability exploits due to slow patching rates.

WinRAR Vulnerability Exploited by State-Sponsored Hackers
technology · 2 years ago

Multiple government-backed hacking groups have been exploiting a security vulnerability in WinRAR since early 2023, prompting Google's Threat Analysis Group (TAG) to issue a warning and release a patch. The vulnerability allows attackers to execute arbitrary code when a Windows user opens certain files within a ZIP archive. Despite the availability of a patch, many users remain vulnerable because WinRAR has no auto-update feature. The exploit has also been used to target cryptocurrency trading accounts. Users are advised to manually download and install the latest WinRAR update or to use the native support for RAR and 7-Zip files in Windows 11.

Windows 11 Enhancements: RAR Support, Mind-Reading Settings, Default Browser Respect, Hover Search, and Redesigned Homepage
technology · 2 years ago

Windows 11's upcoming version 23H2 will introduce native support for RAR, TAR, 7Z, and other file compression formats, eliminating the need for third-party apps. However, tests comparing the updated File Explorer to popular apps like WinRAR and NanaZIP revealed that the native support in File Explorer is significantly slower and less convenient. While it may suffice for occasional users, frequent archive users are unlikely to abandon dedicated apps due to their superior performance and additional features. Nonetheless, Microsoft's implementation of native archive support in Windows 11 is a step towards improving the user experience.