- Eset found a high difficulty error in Winrar used by ROMCOM, a well-known Russian hacking collective
- The error was used to implement back doors, giving full access to compromised computers
- WinRar says it has solved the problem so users need to update now
Iconic filing platform Winrar bar a dangerous zero-day vulnerability that could have charged hackers plant malware on compromised computers, security researchers are warning.
Recently, scientists from ESET discovered a catalog through vulnerability in the latest version of Winrar. The error is now traced as CVE-2025-8088 and got a severity of 8.4/10 (high).
To make it worse, hackers were seen abusing the mistake of nature to drop the romcom’s malware variants.
Patching of the error
Eset’s researchers said the mistake was abused in spearshishing attacks (highly targeted phishing attack) by the Russian-speaking threat actor known as Romcom, a group known for running espionage and financially motivated attacks.
Its usual goals include governments, military and critical infrastructure organizations, so spearshishing attacks would make perfect sense.
The group used the error to implement back doors, which would give them full access to the compromised computers.
The group’s earliest observations were in 2022 and targeted units throughout Europe and North America. It often falsified legitimate software in its attacks where Romcom Rat is its flagship malware.
Romcom is also traced by other safety equipment during Monikers Storm-0978, Tropical Scorpius and UNC2596.
After the discovery, WinRar released a patch to resolve the error. The first clean version is 7.13.
“When you extract a file, earlier versions of WinRar, Windows versions of RAR, Urar, Portable Urar Code and Urar.dll can fool to use a path, defined in a specially designed archive, instead of user specified path,” Winrar explained in his Changelog. “Unix versions of RAR, UNRAR, PORTABLE URAR -CODE CODE AND URAR -LIBRARY, also as nice for Android, is not affected.”
WinRar is a type of program that does not update automatically, so unless users uninstall it and download the latest version manually, they will remain vulnerable.
Via Bleeping computer
