Currently, being taken advantage of by two Russian cybercrime groups is a major zero-day flaw in the most widely used WinRAR file compression program. Some of these attacks are customized to particular targets; they are meant to backdoor computers that open dangerous files attached to phishing emails.
ESET said on Monday that these attacks were first identified on the 18th of July when a file was found in an unusual path directory. ESET determined by July 24 that this behavior was linked to the abuse of an undetected flaw in WinRAR
Within Windows, the WinRAR 0-day vulnerability appeared to have an amazing capacity. A Windows feature that lets several forms of the same file path be used, alternate data streams were exploited here. Taking advantage of this capability, the WinRAR 0-day vulnerable exploit triggered a previously unknown path traversal bug that caused WinRAR to leave malicious executables in locations chosen by the attackers, namely %TEMP% and %LOCALAPPDATA%. Because of their capacity to run code, Windows usually blocks these locations.
Attacks that ESET linked back to RomCom, its name for a financially motivated cybercrime group operating out of Russia, have operated for many years. This well-resourced group has proved its ability to find exploits and carry out somewhat sophisticated methods. Under the number CVE-2025-8088
ESET’s Anton Cherepanov Users can also read: ChatGPT to Receive OpenAI’s New Mental Health Safeguard
