A vulnerability in WinRAR that was fixed six months ago is still being weaponized by sophisticated cyber threats. New intelligence from Google’s Threat Intelligence Group reveals that state-backed hackers—including groups linked to Russia and China—are actively exploiting the flaw to deploy malware, conduct espionage, and even monetize the attack through black-market sales.
The issue stems from a file-handling flaw in older versions of WinRAR (CVE-2025-8088), which allows attackers to inject malicious code when a compromised archive is opened. While the patch was released in July 2025, many users still run outdated versions, leaving systems exposed. Google’s findings indicate that four hacking groups with ties to Russia are targeting Ukrainian military and civilian networks, while a fifth, associated with China, is deploying remote access trojans through the same vulnerability.
This isn’t just a state-level concern. Cybercriminals are also leveraging the exploit for financial gain, with attacks observed in Brazil, Indonesia, and other regions. The problem has escalated to the point where exploit kits are being sold on the dark web for between $80,000 and $300,000, expanding the attack surface to include Windows systems, Microsoft Office files, VPNs, and antivirus software.
- WinRAR versions prior to the July 2025 patch (exact version numbers not specified in public reports).
- Systems where users regularly open untrusted RAR archives.
- Organizations in Ukraine, Latin America, Southeast Asia, and other targeted regions.
Google’s researchers have shared detection tools to help organizations identify known threats exploiting this vulnerability. However, the most effective protection remains straightforward: updating WinRAR to the latest version. The patch has been available for months, and the risk of exploitation grows with each delay.
For most users, WinRAR’s relevance has diminished over time—modern Windows systems natively support ZIP and 7-Zip formats, and RAR files are less common in everyday use. But for those who still rely on the software, especially in environments handling sensitive data, the update is non-negotiable. Ignoring this fix leaves systems vulnerable to both state-sponsored espionage and opportunistic cybercrime.
- Open WinRAR and check for updates under the Help menu.
- If an update is available, install it immediately.
- For organizations, deploy detection tools provided by Google’s Threat Intelligence Group.
- Consider transitioning to alternative archive tools (e.g., 7-Zip) if WinRAR is no longer critical to your workflow.
This isn’t the first time a legacy software flaw has become a persistent threat, but the scale of exploitation—from nation-state actors to commercial malware brokers—underscores the importance of patch management. With WinRAR, the solution is simple: update, and move on.
