WinRAR zero-day exploited to plant malware on archive extraction

WinRAR zero-day exploited to plant malware on archive extraction

A new WinRAR vulnerability, CVE-2025-8088, was exploited in zero-day phishing attacks to deliver RomCom malware, a Russia-linked hacking group. Users are advised to update their WinRAR software immediately to prevent remote code execution and malware infection. #WinRAR #RomCom #CVE-2025-8088

Keypoints

  • The vulnerability allows specially crafted archives to extract files into attacker-controlled paths like the Windows Startup folder.
  • The flaw was exploited in phishing emails with malicious RAR attachments to deliver RomCom backdoors.
  • RomCom is a Russian hacking group known for ransomware, credential theft, and zero-day exploitation.
  • The flaw was fixed in WinRAR 7.13, but users must manually update to stay protected.
  • ESET is investigating the attacks and will publish a detailed report shortly.

Read More: https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/