
Hackers Exploiting Major WinRAR Vulnerabilities: What You Need to Know!
2025-08-12
Author: Michael
Double Trouble: WinRAR Under Siege!
Recent reports reveal not one, but two sinister cybercriminal groups are leveraging a newly discovered WinRAR vulnerability (CVE-2025-8088) for zero-day attacks, leaving organizations scrambling for safety.
Meet the Attackers: RomCom and Paper Werewolf
The notorious RomCom attackers are not alone. Research from the Russian cybersecurity firm BI.ZONE indicates that a rival group, tracked as Paper Werewolf, has also targeted Russian organizations using the same exploit. Alarmingly, it seems these exploits were available for a staggering $80,000 on a cybercrime forum as early as June!
The Assault: How These Attacks Work
ESET researchers recently uncovered a string of attacks hitting financial, manufacturing, defense, and logistics sectors in Europe and Canada from July 18 to July 21. The attackers distributed spear-phishing emails masquerading as job applications, complete with deceptive documents that appeared to contain innocent resumes.
These attacks abuse a path-traversal vulnerability: a crafted archive entry can steer extraction outside the folder the user chose, and the attackers hide their malicious payloads in Alternate Data Streams (ADSes) attached to seemingly benign files. When victims open and extract these crafted archives, they inadvertently unleash havoc: malicious DLLs and other components are dropped into locations that give the malware persistence, ensuring it runs every time the user logs on.
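The defender-side counterpart of the mechanism described above is a pre-extraction screen over archive entry names, shown here as an added example (not WinRAR's code, ESET's, or any vendor's): the entry list, the extraction directory and the `check_entry`/`scan_entries` helpers are constructed for illustration, and the sample names are made up rather than real indicators.

```python
import ntpath
from typing import Dict, List, Optional

# Constructed sample of archive entry names, as a Windows extractor would see them.
# The traversal, ADS and absolute-path names are illustrative, not real indicators.
SAMPLE_ENTRIES: List[str] = [
    "Resume.pdf",
    "docs/cover_letter.docx",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.dll",
    "Resume.pdf:payload.dll",
    "C:\\Users\\Public\\evil.exe",
    "\\\\server\\share\\x.exe",
]

# Hypothetical destination the user picked in the extraction dialog.
DEFAULT_DEST = "C:\\Users\\victim\\Downloads\\extract"


def check_entry(name: str, dest: str = DEFAULT_DEST) -> Optional[str]:
    """Return why an entry is unsafe to extract under dest, or None if it is fine.

    Uses ntpath so Windows path semantics (drive letters, UNC shares, '\\' and '/')
    apply even when this screen runs on a non-Windows analysis host.
    """
    n = name.replace("/", "\\")  # archive headers may use either separator
    if not n:
        return "empty entry name"
    drive, _ = ntpath.splitdrive(n)
    if drive:  # 'C:' or '\\\\server\\share': never let an archive pick the volume
        return "absolute path (drive or UNC share specified)"
    if n.startswith("\\") or ntpath.isabs(n):
        return "absolute path (rooted at volume)"
    # A colon in the final component is NTFS alternate-data-stream syntax
    # (file.txt:hidden.dll); it is never a legitimate file name in an archive.
    if ":" in ntpath.basename(n):
        return "alternate data stream in entry name"
    # Resolve '..' segments against dest and require the result to stay inside it.
    # commonpath (not a string-prefix test) avoids 'extract' vs 'extract_evil' mistakes.
    dest_norm = ntpath.normpath(dest)
    target = ntpath.normpath(ntpath.join(dest_norm, n))
    if ntpath.commonpath([dest_norm, target]) != dest_norm:
        return "path traversal outside extraction directory"
    return None


def scan_entries(entries: List[str], dest: str = DEFAULT_DEST) -> Dict[str, str]:
    """Map each unsafe entry name to its rejection reason; safe entries are omitted."""
    return {e: r for e in entries if (r := check_entry(e, dest)) is not None}
```

Run `scan_entries(SAMPLE_ENTRIES)` to see the four crafted names rejected while the two ordinary entries pass; the same check is what a hardened extractor must apply before writing any byte to disk.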
Targets Avoid Compromise—For Now!
Fortunately, ESET’s telemetry indicates that none of the targeted organizations faced actual compromises during this phase. However, the intent was clear: to establish a backdoor with variants like SnipBot, RustyClaw, or the Mythic agent lurking in the shadows.
Critical Vulnerabilities Exposed!
The threat landscape is dire. With the exploits for CVE-2025-8088 now public, it’s only a matter of time before they trigger a wave of attacks against the 500 million WinRAR users worldwide. To stay protected, users are urged to promptly update to WinRAR version 7.13, which patches the vulnerability both groups have been exploiting.
7-Zip Users Must Act Fast Too!
But wait, there’s more! Another vulnerability affecting 7-Zip has surfaced. This flaw (CVE-2025-55188) could allow attackers to write files to arbitrary locations on a system and have them executed. Users are strongly advised to upgrade to 7-Zip version 25.01 to safeguard their systems.
Be Vigilant: Protect Yourself!
As these vulnerabilities become increasingly known, the potential for exploitation grows. ESET and BI.ZONE are providing indicators of compromise to help organizations assess if they have fallen victim to these campaigns. Stay informed, stay updated, and prioritize your cybersecurity!