WinRAR Zero-Day Exploited by Russian-Linked Hackers RomCom and Paper Werewolf
techrepublic.com
Older WinRAR versions let malicious archives override the user-specified path via crafted archives, enabling stealthy system compromise.
Cybersecurity researchers have identified an actively exploited flaw in WinRAR that attackers are using to plant long-term backdoors on targeted machines. The vulnerability, tracked as CVE-2025-8088, affects all Windows versions of WinRAR up to 7.12 and has been tied to two Russia-linked groups known as RomCom and Paper Werewolf.
The flaw, first reported by ESET on July 18, 2025, is a path traversal bug that leverages the Windows alternate data streams (ADS) feature to circumvent normal file extraction safeguards. This technique lets maliciously crafted RAR files place harmful content into protected system locations, including the Startup folder and temporary directories, so it executes automatically when a user logs in.
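The defensive counterpart of the bug described above is an extractor that refuses archive entry names which could escape the chosen destination. The following Python example is added here for illustration and is not WinRAR code, ESET's analysis, or anything from the TechRepublic article; it assumes only a list of entry names (constructed below) and applies the three checks a hardened extractor needs: no absolute paths, no `..` components in either separator style, and no `:` stream suffix (an ADS marker on Windows). It also confines the final target path to the destination directory, which is the general rule of which the Startup-folder case in the article is one instance.

```python
import posixpath
import re
from typing import Dict, Optional

# Windows drive-letter prefix such as "C:" (treated as an absolute path).
DRIVE_RE = re.compile(r"^[A-Za-z]:")


def classify_entry(name: str) -> str:
    """Return 'ok' or a short reason why an archive entry name must not be extracted."""
    # Treat backslash and slash alike: RAR entries written on Windows use "\".
    unified = name.replace("\\", "/")
    if unified.startswith("/") or DRIVE_RE.match(unified):
        return "absolute-path"
    parts = [p for p in unified.split("/") if p not in ("", ".")]
    if not parts:
        return "empty-name"
    if any(p == ".." for p in parts):
        return "path-traversal"
    # Any ":" left in a component after the drive check is an NTFS alternate data
    # stream reference (file:stream); a benign archive never needs one.
    if any(":" in p for p in parts):
        return "alternate-data-stream"
    return "ok"


def safe_target(dest_dir: str, name: str) -> Optional[str]:
    """Resolve an entry to a path inside dest_dir, or None if it is rejected."""
    if classify_entry(name) != "ok":
        return None
    root = posixpath.normpath(dest_dir)
    target = posixpath.normpath(posixpath.join(root, name.replace("\\", "/")))
    # Belt and braces: even after the name checks, require the resolved path
    # to stay under the destination root.
    if target != root and not target.startswith(root + "/"):
        return None
    return target


def audit_entries(names) -> Dict[str, str]:
    """Map every entry name to its verdict so an operator can review a listing."""
    return {n: classify_entry(n) for n in names}


# Constructed sample listing (hypothetical entry names, not from any real archive).
SAMPLE_ENTRIES = [
    "report/q3.pdf",            # ordinary relative path: fine
    "../../outside.txt",        # traversal with forward slashes
    "..\\..\\outside.exe",      # traversal with Windows separators
    "notes.txt:hidden",         # alternate data stream reference
    "C:\\Windows\\x.dll",       # absolute Windows path
    "/etc/passwd",              # absolute POSIX path
]

if __name__ == "__main__":
    for entry, verdict in audit_entries(SAMPLE_ENTRIES).items():
        print(f"{verdict:22} {entry}")
    print(safe_target("/tmp/extract", "report/q3.pdf"))
```

`audit_entries` is meant to run over an archive's file listing before anything is written to disk; a single non-`ok` verdict is reason enough to quarantine the archive rather than extract the remaining entries.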
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be ...
Copyright of this story solely belongs to techrepublic.com.