Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
Essential information
- Published: 11/08/2025 14:56
- Modified: 11/08/2025 15:41
- Tags: 2025-08-11, CVE-2025-8088, backdoor, exploit, mythic, russia-aligned, rustyclaw, snipbot, spearphishing, vulnerability, winrar, zero-day
- Related entities: 2 vulnerabilities (CVE), 9 observables, 1 intrusion set (APT), 3 malware, 4 others
Description
A zero-day vulnerability in WinRAR, CVE-2025-8088, has been found being exploited in the wild by the Russia-aligned group RomCom. It is a path traversal flaw in the Windows builds of WinRAR and its RAR/UnRAR components: a crafted archive can make the extractor write files outside the folder the user selected, for example into a Startup folder, so a hidden payload is dropped silently when the archive is unpacked and runs at the next logon. The exploit was used in spearphishing campaigns targeting financial, manufacturing, defense, and logistics companies in Europe and Canada. Three execution chains were identified, delivering different backdoors: a SnipBot variant, RustyClaw, and a Mythic agent. This is the third time RomCom has exploited a significant zero-day vulnerability, underlining its focus on acquiring and using exploits for targeted attacks. The flaw is fixed in WinRAR 7.13; because WinRAR has no automatic update mechanism, users must download and install the fixed version themselves, and should do so immediately.
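As an added check (not part of the original entry, and not the vendor's or the reporting researchers' code), the PowerShell below inventories WinRAR binaries in the default Program Files locations, flags any build older than 7.13, and lists recently created files in every user's Startup folder, the location the crafted archives wrote their payload to for persistence. The install directories and the 30-day look-back window are assumptions; portable or self-extracting copies and third-party tools that bundle UnRAR.dll are not covered, so treat a clean result as partial.

```powershell
# Added example, not from the original entry. Run in an elevated session so that
# other users' profile folders are readable. Assumes the default install paths;
# portable copies and bundled UnRAR.dll are not covered.

$FixedVersion = [version]'7.13'   # first WinRAR release with CVE-2025-8088 fixed

function Get-WinRarStatus {
    # Candidate install directories for 64-bit and 32-bit builds (assumed defaults)
    $dirs = foreach ($root in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
        if ($root) { Join-Path $root 'WinRAR' }
    }
    $dirs = $dirs | Where-Object { Test-Path $_ }

    foreach ($dir in $dirs) {
        foreach ($name in 'WinRAR.exe', 'Rar.exe', 'UnRAR.exe') {
            $exe = Join-Path $dir $name
            if (-not (Test-Path $exe)) { continue }
            $raw = (Get-Item $exe).VersionInfo.ProductVersion
            # Keep only the leading dotted number so strings such as "7.13 beta 1" still parse
            $ver = if ($raw -match '^\d+(\.\d+)+') { [version]$Matches[0] } else { $null }
            [pscustomobject]@{
                Path       = $exe
                Version    = $raw
                Vulnerable = if ($ver) { $ver -lt $FixedVersion } else { 'unknown' }
            }
        }
    }
}

function Get-RecentStartupItems {
    param([int]$Days = 30)   # look-back window (assumed)
    $cutoff = (Get-Date).AddDays(-$Days)
    # Per-user Startup folder of every profile plus the all-users Startup folder
    $paths = @(
        "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
    )
    Get-ChildItem -Path $paths -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        Select-Object FullName, CreationTime, Length,
            @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature $_.FullName).Status } }
}

Get-WinRarStatus       | Format-Table -AutoSize
Get-RecentStartupItems | Format-Table -AutoSize
```

Any row with `Vulnerable = True` needs a manual upgrade to 7.13 or later. A fresh, unsigned executable, DLL or shortcut in a Startup folder whose creation time lines up with a user opening an e-mailed archive is the artefact to pull for analysis; an empty list only says the Startup folders are clean, not that no archive was opened.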