WinRAR zero-day Exploited to Plant Malware on Archive Extraction
An Anonymous Coward writes:
A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.
The flaw is a directory traversal vulnerability that was fixed in WinRAR 7.13, which allows specially crafted archives to extract files into a file path selected by the attacker.
"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path," reads the WinRAR 7.13 changelog.
[Editor's Comment: It affects Windows only--JR]
"Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected."
[...] RomCom (also tracked as Storm-0978, Tropical Scorpius, or UNC2596) is a Russian hacking group linked to ransomware and data-theft extortion attacks, along with campaigns focused on stealing credentials.
- Links in article:
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
https://www.win-rar.com/
https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/
https://www.bleepingcomputer.com/news/security/new-romcom-malware-variant-snipbot-spotted-in-data-theft-attacks/
https://www.bleepingcomputer.com/news/security/hacker-uses-new-rat-malware-in-cuba-ransomware-attacks/
https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/
Read more of this story at SoylentNews.