

A major zero-day flaw in WinRAR, the most widely used file compression program, is currently being exploited by two Russian cybercrime groups. Some of the attacks are customized to particular targets; they are intended to backdoor computers whose users open malicious files attached to phishing emails.
ESET said on Monday that the attacks were first identified on July 18, when a file was found in an unusual directory path. By July 24, ESET had determined that this behavior was linked to abuse of a previously unknown flaw in WinRAR, a file compression application with a reported installed base of about 500 million users. ESET notified the WinRAR developers the same day; a patch was published six days later.
The WinRAR zero-day proved remarkably capable on Windows. The exploit abused alternate data streams, a Windows feature that allows several forms of the same file path to be used. Through this capability, it triggered a previously unknown path traversal bug that caused WinRAR to drop malicious executables in locations chosen by the attackers, namely %TEMP% and %LOCALAPPDATA%. Windows usually restricts these locations because code can be run from them.
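As an added defensive example (not code from ESET's report or from this article), the following pre-extraction check walks an archive's entry listing and flags names that would leave the destination directory, either through a plain traversal sequence or through path components smuggled into an alternate data stream suffix. The destination directory and the entry names are constructed for illustration.

```python
import ntpath
import re

# A ".." path component written with either Windows or POSIX separators.
DOTDOT = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
SEPARATOR = re.compile(r"[\\/]")

# Constructed extraction directory and archive listing for the demo;
# none of these names come from a real sample.
DEST_DIR = r"C:\Users\analyst\Downloads\unpacked"
SAMPLE_ENTRIES = [
    r"report.pdf",                        # ordinary file
    r"images\logo.png",                   # ordinary file in a subfolder
    r"notes.txt:Zone.Identifier",         # ADS with a well-known stream name
    r"invoice.pdf:..\..\..\dropped.exe",  # ADS whose stream name is a path
    r"..\..\sample.exe",                  # plain path traversal
]

def split_ads(entry):
    """Split 'file:stream' into (file, stream); stream is '' if absent.
    A leading drive letter such as 'C:' is a drive, not a stream marker."""
    drive, body = "", entry
    if len(entry) >= 2 and entry[0].isalpha() and entry[1] == ":":
        drive, body = entry[:2], entry[2:]
    name, sep, stream = body.partition(":")
    return drive + name, stream if sep else ""

def would_escape(dest_dir, relpath):
    """True if writing relpath under dest_dir would land outside dest_dir."""
    dest = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(dest, relpath))
    try:
        return ntpath.commonpath([dest, target]) != dest
    except ValueError:  # different drive, or absolute/relative mix
        return True

def audit_entries(dest_dir, entries):
    """Map each entry name to a verdict: 'clean', 'ads', or 'traversal'."""
    verdicts = {}
    for entry in entries:
        name, stream = split_ads(entry)
        if DOTDOT.search(name) or would_escape(dest_dir, name):
            verdicts[entry] = "traversal"   # file part leaves dest_dir
        elif stream and (SEPARATOR.search(stream) or DOTDOT.search(stream)):
            verdicts[entry] = "traversal"   # path hidden in the stream name
        elif stream:
            verdicts[entry] = "ads"         # ADS present: review, do not block
        else:
            verdicts[entry] = "clean"
    return verdicts
```

Legitimate stream names such as Zone.Identifier never contain path separators, which is why a separator or ".." inside the stream part is treated as a traversal finding rather than a routine ADS.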
ESET linked the attacks to RomCom, its name for a financially motivated cybercrime group operating out of Russia that has been active for many years. This well-resourced group has demonstrated its ability to find exploits and carry out moderately sophisticated operations. The group's use of the WinRAR zero-day is now tracked as CVE-2025-8088.
ESET’s Anton Cherepanov, Peter Strycek, and Damien Schaeffer remarked, “By exploiting a previously unknown WinRAR zero-day vulnerability, the RomCom group has shown that it is willing to invest serious effort and resources into its cyberoperations. This is at least the third time RomCom has used a zero-day vulnerability in the wild, highlighting its ongoing focus on acquiring and using exploits for targeted attacks.”