- ESET has found a high-severity bug in WinRAR that was exploited by RomCom, a known Russian hacking collective
- The bug was used to deploy backdoors giving full access to compromised computers
- WinRAR says it has fixed the problem, so users should update now
The iconic archiving tool WinRAR carried a dangerous zero-day vulnerability that allowed attackers to plant malware on compromised computers, security researchers warn.
ESET researchers recently discovered a directory traversal vulnerability in the then-current version of WinRAR. The flaw is now tracked as CVE-2025-8088 and has been given a severity score of 8.4/10 (high).
To make matters worse, attackers were observed abusing the flaw in the wild to drop variants of RomCom's malware.
Patching the bug
ESET researchers said the flaw was abused in spear-phishing attacks (highly targeted phishing attacks) by the Russian threat actor known as RomCom, a group known for running both espionage and financially motivated campaigns.
Its usual targets include government, military and critical-infrastructure organizations, so spear-phishing attacks would make perfect sense.
The group used the bug to deploy backdoors that gave it full access to the compromised computers.
RomCom was first observed in 2022, targeting entities across Europe and North America. It often bundles its malware with legitimate software, with the RomCom RAT as its flagship payload.
RomCom is also tracked by other security outfits under the names Storm-0978, Tropical Scorpius and UNC2596.
After the discovery, WinRAR published a patch for the flaw. The first clean version is 7.13.
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path defined in a specially crafted archive instead of the user-specified path,” WinRAR said in its changelog. “Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, as well as RAR for Android, are not affected.”
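The changelog describes the classic archive path traversal: the extractor trusts the member name stored in the archive, so a name containing `..` segments or an absolute path lands outside the folder the user chose. The following is an added example (not WinRAR's code, and not taken from the RomCom exploit) that contrasts a careless join with a hardened target check. It works on a constructed list of member names rather than parsing a real RAR file; the destination directory `/srv/extract` and the sample names are assumptions for illustration.

```python
import os
import posixpath

# Constructed sample of archive member names of the kind a crafted archive
# could carry. These are illustrative only, not names from any real exploit.
SAMPLE_MEMBERS = [
    "docs/report.pdf",                     # benign relative path
    "docs/./nested/../ok.txt",             # messy, but stays inside the destination
    "../../Users/Public/evil.exe",         # parent-directory traversal
    "..\\..\\AppData\\Roaming\\evil.exe",  # same traversal with Windows separators
    "C:\\Windows\\Temp\\evil.exe",         # absolute Windows path with drive letter
    "/etc/cron.d/evil",                    # absolute POSIX path
    "docs/../../../evil.dll",              # traversal hidden behind a benign prefix
]


def naive_target(dest_dir, member):
    """What a careless extractor does: trust the archive's name and join it.

    os.path.join discards dest_dir when member is absolute, and normpath
    happily resolves '..' segments above dest_dir.
    """
    return os.path.normpath(os.path.join(dest_dir, member.replace("\\", "/")))


def escapes(dest_dir, target):
    """True if target resolves to a location outside dest_dir."""
    dest_real = os.path.realpath(dest_dir)
    target_real = os.path.realpath(target)
    return os.path.commonpath([dest_real, target_real]) != dest_real


def normalize_member_path(member):
    """Return a clean, forward-slash relative path, or None if the member must be rejected.

    Backslashes are treated as separators because Windows extractors treat
    them that way; absolute paths, drive letters and any leading '..' after
    normalisation are refused outright.
    """
    path = member.replace("\\", "/")
    if path.startswith("/") or (len(path) >= 2 and path[1] == ":"):
        return None
    norm = posixpath.normpath(path)
    if norm in (".", "..") or norm.startswith("../"):
        return None
    return norm


def resolve_extraction_target(dest_dir, member):
    """Hardened variant: compute where a member would be written, or None if unsafe."""
    rel = normalize_member_path(member)
    if rel is None:
        return None
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, rel))
    # Belt and braces: re-check the final resolved path against the destination.
    if os.path.commonpath([dest_real, target]) != dest_real:
        return None
    return target


def classify_members(dest_dir, members):
    """Map each member name to True (safe to extract) or False (rejected)."""
    return {m: resolve_extraction_target(dest_dir, m) is not None for m in members}


if __name__ == "__main__":
    dest = "/srv/extract"  # assumed destination chosen by the user
    for member in SAMPLE_MEMBERS:
        naive = naive_target(dest, member)
        print(f"{member!r}: naive -> {naive} (escapes={escapes(dest, naive)}), "
              f"hardened -> {resolve_extraction_target(dest, member)}")
```

The hardened path rejects both traversal spellings and absolute paths before any file is written, and then re-validates the fully resolved target so that a symlink planted by an earlier member cannot redirect a later one out of the destination.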
WinRAR does not update itself automatically, so unless users manually download and install the latest version, they will remain vulnerable.
Via BleepingComputer