WinRAR Security Flaw Exploited: Malware Installed via Phishing Emails
A serious security vulnerability in WinRAR, tracked as CVE-2025-8088, has been exploited in the wild to deliver malware. The flaw was reported to the WinRAR developer by ESET researchers Anton Cherepanov, Peter Košinár and Peter Strýček. It lets an attacker who can persuade a victim to extract a crafted archive write a file to a location of the attacker's choosing instead of the directory the user selected.
The bug is a path traversal (directory traversal) flaw: a specially crafted entry name in the archive is honoured as given, so an entry whose name climbs out of the extraction directory with `..\` components ends up elsewhere on the disk. It was fixed in WinRAR 7.13 and affects the Windows builds of WinRAR, RAR, UnRAR, the portable UnRAR source code and UnRAR.dll; the Unix builds and RAR for Android are not affected. In the attacks seen before the patch, the crafted entries resolved into the user's Startup folder (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup), so the dropped executable ran the next time the user logged on. The resulting code execution is therefore local and delayed until the next logon, not remote.
The campaign used spear-phishing emails carrying RAR attachments. When a recipient extracted one with a vulnerable WinRAR, the traversal planted RomCom backdoor components that launched at the next logon. RomCom is the name of both the backdoor and the group operating it (also tracked as Storm-0978 and Tropical Scorpius), a Russia-aligned actor that runs cyberespionage as well as financially motivated operations.
RomCom has a history of exploiting zero-day vulnerabilities. In late 2024 it chained a Firefox use-after-free (CVE-2024-9680) with a Windows Task Scheduler privilege escalation (CVE-2024-49039) to compromise Firefox and Tor Browser users in Europe and North America from a malicious web page, with no further user interaction required.
WinRAR does not update itself, so users must download and install version 7.13 or later from the vendor's site; administrators should also look for older copies of UnRAR.dll bundled with other software, since the fix applies to those components too. Because the flaw is triggered by extraction, not merely by receiving a file, treat unexpected or suspicious email attachments with caution regardless of their file type, and avoid extracting archives from untrusted senders at all.