Hello, tech enthusiasts! Today, let’s dive into a fascinating update about a serious security flaw in WinRAR, the popular file compression tool.
Recently, a critical zero-day vulnerability in WinRAR has been actively exploited by two Russian hacking groups. These attacks involve sneaky backdoors installed when users open malicious archives embedded in phishing emails, some tailored to deceive specific targets.
The security firm ESET first detected these attacks in July and linked them to a previously unknown vulnerability, now tracked as CVE-2025-8088. ESET promptly notified the WinRAR developers, who released a patch within six days to fix the flaw.
The exploit abused a Windows feature called alternate data streams, tricking WinRAR into planting harmful executables in protected directories like %TEMP% and %LOCALAPPDATA%, which are normally off-limits for code execution.
Interestingly, the Russian crime group RomCom, known for its sophisticated cyber operations, is responsible for exploiting this flaw. They’ve shown significant resource investment, highlighting their capability to acquire and deploy advanced exploits. Another group, Paper Werewolf, also exploited the same vulnerability using malicious email archives to gain access to infected systems.
Furthermore, ESET observed three different malicious chains of execution, including deploying a custom Mythic Agent framework, dropping malware like SnipBot, and using other known RomCom malware tools such as RustyClaw and Melting Claw.
WinRAR’s widespread use and lack of automatic updates make it an attractive target for malware campaigns, since users must manually update the software to receive security patches. Versions prior to 7.13 are vulnerable, so users should update immediately to stay protected.
So, if you’re still using old WinRAR versions, it’s high time to upgrade and avoid these dangerous exploits!
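Because WinRAR does not update itself, a quick inventory check helps find hosts still running a version prior to 7.13. The script below is an added example, not code from ESET or the WinRAR developers; it assumes WinRAR is registered under the standard Windows Uninstall registry keys with a DisplayName starting with "WinRAR", and Test-WinRarVulnerable is a hypothetical helper name.

```powershell
# Added example: flag WinRAR installs older than 7.13, the version the article
# names as no longer vulnerable to CVE-2025-8088.
# Assumption: the install is registered under the standard Uninstall keys.
$fixed = [version]'7.13'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: returns $true when the version string is older than the fix.
function Test-WinRarVulnerable {
    param([string]$VersionString, [version]$FixedVersion = $fixed)
    $parsed = $null
    # A missing or unparseable version is reported as vulnerable so it gets a manual look.
    if (-not [version]::TryParse($VersionString, [ref]$parsed)) { return $true }
    return $parsed -lt $FixedVersion
}

# Collect every registered WinRAR entry (32-bit, 64-bit and per-user installs).
$findings = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Name       = $_.DisplayName
            Version    = $_.DisplayVersion
            Location   = $_.InstallLocation
            Vulnerable = Test-WinRarVulnerable $_.DisplayVersion
        }
    }

if (-not $findings) {
    Write-Output 'No WinRAR install registered on this host.'
} else {
    $findings | Format-Table -AutoSize
    # Non-zero exit code lets a management tool flag the host for patching.
    if ($findings.Vulnerable -contains $true) { exit 1 }
}
```

Portable copies that were unpacked without running the installer are not registered and will not appear in this check.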