- ESET found a high severity error in Winrar being used by Romcom, a well -known Russian piracy collective
- The error was being used to implement rear doors that allow full access to compromised computers
- Winrar says that the problem has solved, so users must now update
The iconic Archiving Winrar platform brought a dangerous zero day vulnerability that could have allowed hackers to plant malware in compromised computers, security researchers are warning.
Recently, ESET researchers discovered a transversal vulnerability of the board in the latest version of Winrar. The defect is now tracked as CVE-2025-8088, and was given a gravity score of 8.4/10 (high).
To worsen things, computer pirates were seen abusing the failure in nature to drop the Romcom malware variants.
Patch the error
ESET researchers said the defect was being abused in spear phishing attacks (highly directed phishing attacks) by the Russian -speaking threat actor known as Romcom, a group known for administering espionage and attacks with financial motivation.
Its usual objectives include government infrastructure, military and criticism organizations, so the pHishing attacks of spear would make a lot of sense.
The group was using the error to implement the rear doors, which would give full access to compromised computers.
The first sightings of the group were in 2022, attacking entities in Europe and North America. Often falsify the legitimate software in its attacks, with the Romcom rat as its flagship malware.
ROMCOM is also tracked by other security outfits under the nicknames Storm-0978, Tropical Scorpius and UNC2596.
After the discovery, Winrar launched a patch to fix the defect. The first clean version is 7.13.
“By extracting a file, the previous versions of Winrar, the versions of Windows de Rar, Unrar, the source code of a laptop and Unrar.dll can be fooled to use a route, defined in a specially elaborated file, instead of the user -specified route,” Winrar explained in his Cangelog. “The UNIX de Rar, UNRAR, source code of UNRAR Portable and UNRAR LIBRARY, also as RAR for Android, are not affected.”
Winrar is a type of program that is not automatically updated, so unless users uninstall and download the latest version manually, they will remain vulnerable.
Through Bleepingcomputer
