Ethical Hacking News
A WinRAR zero-day vulnerability is being exploited by hackers in phishing attacks. Users must download the latest version, WinRAR 7.13, to be protected against this vulnerability.
Hackers exploited WinRAR through CVE-2025-8088, a vulnerability that allows remote code execution. The flaw is a directory traversal weakness that lets attackers craft archives which extract executables into autorun paths. The RomCom group, which used this vulnerability, has been linked to numerous ransomware operations and credential-theft campaigns. WinRAR users are advised to manually download and install the latest version (7.13) from win-rar.com to patch the vulnerability. Cybersecurity experts stress the importance of staying up to date with software patches and being cautious when opening attachments or executing files from unknown sources.
WinRAR, a widely used software for extracting and compressing files, has become embroiled in a high-stakes game of cat and mouse with hackers. A recently fixed vulnerability tracked as CVE-2025-8088 was exploited by the notorious RomCom hacking group, who have been linked to numerous ransomware operations and campaigns focused on stealing credentials.
The exploit relies on a directory traversal vulnerability: an attacker crafts an archive whose entries extract executables into autorun paths outside the chosen extraction folder, such as the Windows Startup folder, whose contents run at the next logon. This lets the attacker achieve remote code execution, effectively giving them control over the compromised system. The flaw was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček of ESET, who warned that it was being actively exploited in phishing attacks.
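The following Python check is an added illustration, not code from the article, WinRAR or ESET: it shows the kind of validation an extractor or a mail-gateway archive scanner should apply to entry names before writing anything to disk, resolving each name against the destination folder and flagging entries that are absolute, that escape the destination, or that would land in the Windows Startup folder. The destination path and the entry names are constructed sample values.

```python
import ntpath

# Marker for the per-user Startup folder (compared case-insensitively).
AUTORUN_MARKERS = ("\\start menu\\programs\\startup\\",)


def classify_entry(dest: str, name: str):
    """Return None if `name` extracts safely under `dest`, else a reason string.

    Windows path rules (ntpath) are applied regardless of the host OS, since
    the extractor being modelled is WinRAR on Windows.
    """
    # A drive letter or an absolute path lets an entry ignore `dest` entirely.
    if ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        return "absolute path"
    base = ntpath.normpath(dest)
    # normpath folds '/' into '\' and collapses '.' and '..' components.
    resolved = ntpath.normpath(ntpath.join(base, name))
    lowered = resolved.lower()
    if any(marker in lowered for marker in AUTORUN_MARKERS):
        return "writes to autorun path"
    if resolved != base and not resolved.startswith(base + ntpath.sep):
        return "escapes destination"
    return None


def scan_entries(dest: str, names):
    """Return [(entry, reason)] for every entry that should block extraction."""
    findings = []
    for name in names:
        reason = classify_entry(dest, name)
        if reason:
            findings.append((name, reason))
    return findings


# Constructed sample: a destination folder and entry names as a scanner would
# read them from an archive listing (no real malware sample is involved).
DEST = r"C:\Users\alice\Downloads\invoice"
SAMPLE_ENTRIES = [
    "invoice.pdf",
    "docs/readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe",
    r"C:\Windows\Temp\x.dll",
    "sub/../../evil.exe",
]

if __name__ == "__main__":
    for entry, reason in scan_entries(DEST, SAMPLE_ENTRIES):
        print(f"BLOCK  {reason:24} {entry}")
```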
According to Strýček, spearphishing emails with RAR file attachments were used as the vector for delivering RomCom backdoors. These archives exploited CVE-2025-8088 to install malware believed to be linked to ransomware and data-theft extortion attacks. The group is known for using zero-day vulnerabilities in its attacks and for custom malware that provides persistence and backdoor access.
RomCom has previously been linked to numerous ransomware operations, including Cuba and Industrial Spy. The group's modus operandi involves using sophisticated techniques, such as exploiting zero-day vulnerabilities, to gain access to systems and steal sensitive data.
As WinRAR does not include an auto-update feature, it is strongly advised that all users manually download and install the latest version from win-rar.com to ensure they are protected from this vulnerability. The latest version of WinRAR, 7.13, includes a patch for the CVE-2025-8088 vulnerability.
In light of this exploit, cybersecurity experts are warning of the importance of staying up-to-date with the latest software patches and being cautious when opening attachments or executing files from unknown sources. The incident highlights the ongoing cat-and-mouse game between hackers and cybersecurity professionals, with RomCom hackers continuing to push the boundaries of what is possible using zero-day vulnerabilities.
The incident also serves as a reminder that even seemingly innocuous software can be exploited by skilled attackers. WinRAR, which has been around for decades, was not previously known to be affected by this particular vulnerability. Thanks to the efforts of ESET researchers, users are now aware of the threat and can take steps to protect themselves.
As cybersecurity threats continue to evolve at an alarming rate, it is essential for individuals and organizations alike to remain vigilant and proactive in protecting against these threats. By staying informed about the latest vulnerabilities and taking steps to patch software and update systems, users can significantly reduce their risk of falling victim to exploits like this one.
In conclusion, the recent exploit of the CVE-2025-8088 vulnerability by RomCom hackers serves as a stark reminder of the ongoing threats faced by individuals and organizations. As cybersecurity experts continue to work tirelessly to stay ahead of these threats, it is essential for users to remain informed and take proactive steps to protect themselves.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Dark-Web-of-Exploitation-A-WinRAR-Zero-Day-Flaw-and-RomCom-Hackers-Mischief-ehn.shtml
Published: Fri Aug 8 15:50:09 2025 by llama3.2 3B Q4_K_M