A security flaw in the popular file compression software WinRAR, recently patched by the company, has been actively used by a Russian hacking group in targeted phishing campaigns. The vulnerability allowed attackers to remotely execute code on a victim’s machine, leading to the installation of malicious software. Security experts are urging users to manually update their software to the latest version to protect themselves.
A Critical Flaw in Widely Used Software
The vulnerability, identified as CVE-2025-8088, was a “directory traversal” issue within WinRAR. This means that an attacker could create a specially crafted compressed file that, when opened by a user, would make the program write a file outside the folder the user had selected for extraction. This manipulation allowed a malicious executable to be dropped into a critical system folder, such as the Windows Startup directory. The flaw was present in older versions of WinRAR and related programs, including the Windows versions of RAR, UnRAR, and UnRAR.dll. It has since been fixed in WinRAR version 7.13.
The Threat of Remote Code Execution
By exploiting this flaw, attackers could craft a file that would place a malicious program directly into a folder whose contents run automatically when the user next logs into their computer. Because the attacker’s program then executes without any further action by the victim, this gives the attacker a high level of control over the infected machine, allowing for what is known as ‘remote code execution.’ This type of access is highly dangerous, as it can be used to steal personal information, install ransomware, or use the compromised machine as part of a larger network of infected computers (a botnet).
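The defensive check that closes this class of bug is to validate every archive entry name before writing it, so that no entry can escape the extraction folder. The following is an added example written for this article, not code from WinRAR or from the researchers who reported the flaw; the archive listing it scans is constructed for illustration, and the Startup-folder path in it is only a sample name.

```python
"""Flag archive entry names that would escape the chosen extraction folder.

Added example (not WinRAR's code). Entry names are normalised to '/'
separators so the same check covers Windows- and POSIX-style archives.
"""
import posixpath
import re

# Constructed listing: one benign entry followed by three traversal attempts,
# the first of which points at a user's Windows Startup folder.
SAMPLE_ENTRIES = [
    "report/summary.txt",
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.exe",
    "C:\\Users\\Public\\run.exe",
    "docs\\..\\..\\evil.dll",
]

_DRIVE_RE = re.compile(r"^[A-Za-z]:")  # C:\... or drive-relative C:foo


def normalize_entry(name: str) -> str:
    """Fold backslashes into '/' and collapse '.' and '..' segments."""
    return posixpath.normpath(name.replace("\\", "/"))


def is_safe_entry(name: str) -> bool:
    """True only if the entry stays inside the extraction directory.

    Rejects empty names, embedded NULs, drive letters, UNC/absolute paths,
    and any name that still climbs upward ('..') after normalisation.
    """
    if not name or "\x00" in name:
        return False
    if _DRIVE_RE.match(name) or name.startswith(("\\\\", "//")):
        return False
    norm = normalize_entry(name)
    if norm.startswith("/"):
        return False
    # After normpath, any surviving '..' can only be the first segment.
    return norm.split("/")[0] != ".."


def destination_for(extract_root: str, name: str) -> str:
    """Return the path an entry would be written to, or raise ValueError."""
    if not is_safe_entry(name):
        raise ValueError(f"refusing traversal entry: {name!r}")
    root = posixpath.normpath(extract_root.replace("\\", "/"))
    dest = posixpath.normpath(posixpath.join(root, normalize_entry(name)))
    if dest != root and not dest.startswith(root.rstrip("/") + "/"):
        raise ValueError(f"entry resolves outside root: {name!r}")
    return dest


def find_traversal_entries(entries):
    """Return every entry name in the listing that fails the safety check."""
    return [e for e in entries if not is_safe_entry(e)]


if __name__ == "__main__":
    for bad in find_traversal_entries(SAMPLE_ENTRIES):
        print("BLOCKED:", bad)
```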
RomCom, A Notorious Hacking Group, Takes Advantage
The security flaw was not just theoretical; it was actively being used in real-world attacks. A Russian hacking group known as RomCom, which also goes by names like Storm-0978, Tropical Scorpius, and UNC2596, was identified as the party exploiting the weakness. The group is known for its use of “zero-day” vulnerabilities—flaws that are not yet known to software developers—and custom malware. RomCom’s campaigns often involve data theft and ransomware, and they have previously been linked to other major cybercrime operations.
The Urgent Need for a Manual Update
Unlike many modern software applications, WinRAR does not automatically update itself. This places the burden of protection squarely on the user. Security researchers are strongly advising that all users immediately and manually download the latest version of WinRAR from the official website. This proactive step is the only way to ensure their systems are no longer vulnerable to this specific attack vector and the potential dangers it poses.