
©2025 Poal.co


Archive: https://archive.today/fYr4Y

From the post:

>A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached to phishing messages, some of which are personalized. Security firm ESET said Monday that it first detected the attacks on July 18, when its telemetry spotted a file in an unusual directory path. By July 24, ESET determined that the behavior was linked to the exploitation of an unknown vulnerability in WinRAR, a utility for compressing files that has an installed base of about 500 million. ESET notified WinRAR developers the same day, and a fix was released six days later.


(post is archived)

[–] 1 pt

>Besides its massive user base, WinRAR makes a perfect vehicle for spreading malware because the utility has no automated mechanism for installing new updates. That means users must actively download and install patches on their own.

That’s the first thing I thought of. Most Windows software is downloaded and installed manually with no auto-update unless the software itself handles that. I bet vulnerabilities like these hang around for years until people finally set up a new machine and download new versions. A lot of macOS software is the same.