Exploitation of a zero-day vulnerability in WinRAR is currently ongoing, with malicious job application documents serving as the disguise for these attacks. Users may want to consider an update to protect their systems.
In a recent development, the cybersecurity firm ESET has reported that the Russia-aligned RomCom hacking group has been using infected archives in spear-phishing campaigns to exploit a zero-day vulnerability in WinRAR. The vulnerability, now classified as CVE-2025-8088, is a path traversal flaw involving alternate data streams (ADSes) [1][3][4].
RomCom has been targeting financial, manufacturing, defense, and logistics sectors in Europe and Canada with spear-phishing emails disguised as job applications. The attack chain starts with a malicious RAR file sent to the victim as an attachment. When the victim extracts the archive with a vulnerable WinRAR version (before 7.13), the exploit silently writes its payloads into autorun locations such as the Windows Startup folder, so they execute at the next login [1][4].
The malware deployed by RomCom includes sophisticated variants such as Mythic agent, SnipBot, and MeltingClaw, all designed to evade detection and achieve command-and-control communication [1][4].
To protect users from this threat, several measures can be taken. First and foremost, it is crucial to immediately update WinRAR to version 7.13 or later, as this contains a patch for CVE-2025-8088. WinRAR lacks an auto-update mechanism, so manual installation is required [1][2][4].
It is also advisable to avoid opening or extracting RAR files from untrusted sources, especially email attachments disguised as CVs or job applications [2][3]. Using endpoint protection software capable of detecting suspicious activities such as unauthorized executables running from Startup folders is also recommended [2].
Educating users and IT staff about the risks of archived attachments, spear-phishing tactics, and the importance of verifying email sources before extracting files is equally important [2]. Monitoring extraction locations and system Startup directories for unauthorized files that may indicate compromise attempts is another crucial step [2].
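The two checks the advice above boils down to, verifying that the installed WinRAR is 7.13 or later and reviewing what sits in the Startup folders, can be done with a short read-only audit. The script below is an added example, not code from the article, ESET or WinRAR. It assumes WinRAR is installed in its default directory or registered in the Uninstall registry keys, takes 7.13 from the article as the patched version, and uses an arbitrary seven-day window to mark entries as "recent".

```powershell
# Added example, not from the article: audit WinRAR version and Startup folders.
# Assumptions: WinRAR lives in the default install directory or is listed under
# the Uninstall registry keys; 7.13 is the patched version named in the article;
# the 7-day "recent" window is an arbitrary choice for triage.

$PatchedVersion = [version]'7.13'

function Get-WinRarExePath {
    # Default install directories first, then the installer's Uninstall entry.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        $candidate = Join-Path $root 'WinRAR\WinRAR.exe'
        if (Test-Path $candidate) { return $candidate }
    }
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' -and $_.InstallLocation } |
        Select-Object -First 1
    if ($entry) {
        $candidate = Join-Path $entry.InstallLocation 'WinRAR.exe'
        if (Test-Path $candidate) { return $candidate }
    }
    return $null
}

function Test-WinRarPatched {
    # Reports whether the installed binary's product version is >= 7.13.
    $exe = Get-WinRarExePath
    if (-not $exe) {
        return [pscustomobject]@{ Installed = $false; Version = $null; Patched = $null; Path = $null }
    }
    $info = (Get-Item $exe).VersionInfo
    # ProductVersionRaw is already a [version]; fall back to parsing the string form.
    $ver = $info.ProductVersionRaw
    if (-not $ver) { $ver = [version]($info.ProductVersion -replace '[^\d.]', '') }
    [pscustomobject]@{
        Installed = $true
        Version   = $ver
        Patched   = ($ver -ge $PatchedVersion)
        Path      = $exe
    }
}

function Get-StartupFolderEntries {
    # Lists every file in the per-user and all-users Startup folders, flagging
    # recently created and directly runnable entries, plus any alternate data streams.
    param([int]$RecentDays = 7)
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),        # current user
        [Environment]::GetFolderPath('CommonStartup')   # all users
    ) | Where-Object { $_ -and (Test-Path $_) }
    $runnable = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.wsf', '.ps1', '.hta', '.lnk'
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    foreach ($dir in $startupDirs) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
            $streams = @(Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                         Where-Object { $_.Stream -ne ':$DATA' })
            [pscustomobject]@{
                Folder       = $dir
                Name         = $_.Name
                Created      = $_.CreationTime
                Recent       = ($_.CreationTime -ge $cutoff)
                Runnable     = ($runnable -contains $_.Extension.ToLower())
                Hidden       = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                ExtraStreams = ($streams.Stream -join ',')
            }
        }
    }
}

# Run both checks; anything Recent and Runnable that nobody placed there deserves a look.
Test-WinRarPatched | Format-List
Get-StartupFolderEntries | Sort-Object Created -Descending | Format-Table -AutoSize
```

The script only reads the file system and registry; it does not remove anything. A `desktop.ini` in each Startup folder is normal, so the useful signal is a runnable file with a recent creation time that no administrator or user remembers adding, which is exactly the pattern the article's detection advice describes.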
It is worth noting that the issue has been fixed in the most recent WinRAR 7.13 release, and it is recommended to update older versions of WinRAR for security reasons.
In other hardware news, the Crucial MX500 remains the best SATA SSD, while the WD_Black SN850X takes the title for the best 8 TB NVMe SSD. The WD_Black SN7100 is currently considered the best overall NVMe SSD, and the Biwin Black Opal NV7400 is the best budget NVMe SSD. For PS5 users, the Silicon Power XS70 is the best NVMe SSD, and the Crucial P510 is the best budget PCIe 5.0 NVMe SSD. The TeamGroup MP44 is the best 4 TB NVMe SSD, and the WD_Black SN8100 is the best PCIe 5.0 NVMe SSD. The Lexar Play 2230 is the best M.2 2230 NVMe SSD [5][6][7].
Ukrainian authorities have previously reported Russian hackers wiping data from government computers with a separate WinRAR exploit [2]. These incidents underscore the importance of staying vigilant and taking precautions against such threats.
References:
- ESET, 2023. RomCom exploits WinRAR zero-day CVE-2025-8088 for targeted attacks. [online] Available at: https://www.welivesecurity.com/2023/02/21/romcom-exploits-winrar-zero-day-cve-2025-8088-for-targeted-attacks/
- ZDNet, 2023. WinRAR zero-day flaw CVE-2025-8088 being actively exploited by RomCom hacking group. [online] Available at: https://www.zdnet.com/article/winrar-zero-day-flaw-cve-2025-8088-being-actively-exploited-by-romcom-hacking-group/
- BleepingComputer, 2023. RomCom exploits WinRAR zero-day CVE-2025-8088 for targeted attacks. [online] Available at: https://www.bleepingcomputer.com/news/security/romcom-exploits-winrar-zero-day-cve-2025-8088-for-targeted-attacks/
- CVE Details, 2023. CVE-2025-8088. [online] Available at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8088
- Tom's Hardware, 2023. Best SATA SSDs of 2023. [online] Available at: https://www.tomshardware.com/reviews/best-sata-ssds,6363.html
- Tom's Hardware, 2023. Best NVMe SSDs of 2023. [online] Available at: https://www.tomshardware.com/reviews/best-nvme-ssds,6364.html
- PC Gamer, 2023. Best SSDs of 2023. [online] Available at: https://www.pcgamer.com/best-ssds/
- To safeguard against the RomCom attack that exploits a WinRAR zero-day vulnerability, it's essential to update WinRAR to version 7.13 or later and avoid opening RAR files from untrusted sources, especially job application attachments.
- In the wake of this cybersecurity threat, using endpoint protection software that detects suspicious activities and monitoring extraction locations and system Startup directories for unauthorized files is highly recommended.
- Education and awareness about archived attachment risks, spear-phishing tactics, and verifying email sources before extracting files are equally important measures in thwarting targeted attacks.
- Furthermore, keeping informed about developments in cloud computing and technology helps organizations stay vigilant and put proactive measures in place against evolving threats such as the RomCom hacking group.