WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned threat groups, Earth Dahu (also tracked as Gamaredon) and SHADOW-EARTH-066 (also tracked as UAC-0226), are actively exploiting CVE-2025-8088, a high-severity path traversal vulnerability in WinRAR. A crafted RAR archive can make WinRAR write a file outside the directory the user chose for extraction, for example into the user's Startup folder, so that the dropped file runs at the next logon; the victim only has to extract the archive. WinRAR fixed the flaw in version 7.13 in July 2025, and because WinRAR does not update itself, unpatched installations remain common nearly a year later. Trend Micro attributes the ongoing exploitation to the two groups named above.

The attacks begin with phishing emails carrying a malicious RAR attachment. Opening it triggers the flaw and installs information-stealing malware that exfiltrates credentials, financial information, and other confidential data from the compromised system. The campaigns primarily target organizations in Ukraine.

The continued use of a long-patched vulnerability underscores the importance of timely patching of end-user software, particularly software with no automatic update mechanism, and of user awareness of phishing, especially in the context of ongoing geopolitical conflicts.
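The defect class behind CVE-2025-8088 is an archive extractor that trusts the path an entry supplies. The check below is an added example, not code from the article, from Trend Micro, or from WinRAR: it shows the containment test an extractor (or a mail-gateway scanner that lists archive contents) must apply to every entry name before writing, including the NTFS alternate data stream (ADS) name that a CVE-2025-8088-style archive abuses. The entry names are constructed, the extraction root `/extract` is hypothetical, and the example goes beyond the specific case by also rejecting absolute paths and drive-qualified paths.

```python
"""Flag archive entry names that would write outside the extraction root.

Added example, not code from the article, Trend Micro or WinRAR. Entry names
below are constructed; the extraction root '/extract' is hypothetical.
"""
from __future__ import annotations

import posixpath

# Reasons returned by classify_entry(); None means the entry looks safe.
R_NUL = "embedded NUL byte"
R_DRIVE = "absolute path with drive letter"
R_ABS = "absolute path"
R_ESCAPE = "path escapes extraction root"
R_ADS_ESCAPE = "alternate data stream name escapes extraction root"


def _escapes(root: str, rel: str) -> bool:
    """True if joining `rel` onto `root` and collapsing '..' leaves `root`."""
    target = posixpath.normpath(posixpath.join(root, rel))
    return not (target == root or target.startswith(root + "/"))


def classify_entry(entry: str, root: str = "/extract") -> str | None:
    """Return why `entry` is unsafe to extract under `root`, or None if safe.

    Windows and POSIX separators are both treated as separators, and a
    'file:stream' name is split so the NTFS ADS part is checked on its own.
    """
    if "\x00" in entry:
        return R_NUL
    name = entry.replace("\\", "/")
    # 'C:...' is a drive-qualified absolute path. A one-letter file name with
    # an ADS ('x:stream') is indistinguishable here and is rejected as well.
    if len(name) >= 2 and name[0].isalpha() and name[1] == ":":
        return R_DRIVE
    if name.startswith("/"):
        return R_ABS
    file_part, sep, stream_part = name.partition(":")
    if _escapes(root, file_part):
        return R_ESCAPE
    # The stream name is resolved conservatively against the root: any '..'
    # that climbs out of it is a write outside the directory the user chose.
    if sep and _escapes(root, stream_part):
        return R_ADS_ESCAPE
    return None


def scan_entries(entries, root: str = "/extract"):
    """Return [(entry, reason)] for every entry that classify_entry() rejects."""
    flagged = []
    for entry in entries:
        reason = classify_entry(entry, root)
        if reason is not None:
            flagged.append((entry, reason))
    return flagged


# Constructed listing mimicking what a malicious archive could carry.
SAMPLE_ENTRIES = [
    "Resume.pdf",
    "docs/Report 2025.docx",
    "photo.jpg:Zone.Identifier",  # benign ADS, as a browser would add
    "notes.txt:..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows"
    "\\Start Menu\\Programs\\Startup\\update.lnk",  # ADS traversal to Startup
    "..\\..\\Temp\\payload.dll",  # plain traversal
    "C:\\Users\\Public\\x.exe",  # absolute target
]

if __name__ == "__main__":
    for entry, reason in scan_entries(SAMPLE_ENTRIES):
        print(f"REJECT {entry!r}: {reason}")
```

The scanner is a triage aid, not a substitute for the fix: on endpoints the authoritative remediation is upgrading WinRAR to 7.13 or later, which has to be done by hand because WinRAR has no auto-update, and a quick post-incident check is to look for unexpected entries in users' Startup folders.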
Original source: The Hacker News.