Still using WinRAR? It might be time for an update, as a zero-day vulnerability is being 'exploited in the wild in the guise of job application documents'
WinArrrrgh.
There's something about the WinRAR stacked-book logo that makes me all nostalgic, giving me a proper case of the warm fuzzies deep inside. What turns those fuzzies into ouchies, however, is the idea of a zero-day vulnerability in my beloved file compression and extraction tool.
ESET Research first identified the exploit, now classified under the name CVE-2025-8088, back in July, and published a full breakdown of its findings yesterday. The vulnerability is believed to be in active use by a Russia-aligned hacking group working under the alias RomCom, and is "being exploited in the wild in the guise of job application documents."
The issue has since been fixed in the most recent WinRAR 7.13 release. According to the changelog: "When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path."
For those of us who struggle to understand the mechanisms behind these attacks (I'm with you, this stuff is often complicated), Bleeping Computer has a good breakdown. Essentially, an infected archive, once delivered to a host machine, can extract executables into Windows autorun paths—including the Startup folder.
When a user next logs in, the executable will run and remotely execute malicious code. ESET says that it has observed infected archives being used in spear phishing campaigns, all of which involved the emailing of a CV in .rar format to potential victims.
According to ESET's telemetry, none of the affected targets under its watch were actively compromised, but still, it's scary stuff. Ukrainian authorities have previously reported that Russian hackers were wiping data from government computers with a separate WinRAR exploit, although at the time the attack was attributed to the infamous Sandworm hacking group, not RomCom.
"By exploiting a previously unknown zero-day vulnerability in WinRAR, the RomCom group has shown that it is willing to invest serious effort and resources into its cyberoperations," says ESET.
"This is at least the third time RomCom has used a zero-day vulnerability in the wild, highlighting its ongoing focus on acquiring and using exploits for targeted attacks. The discovered campaign targeted sectors that align with the typical interests of Russian-aligned APT groups, suggesting a geopolitical motivation behind the operation."
So, if you've got an older copy of WinRAR on your machine, it's probably best to give it an update. Better safe than sorry, ey?

Andy built his first gaming PC at the tender age of 12, when IDE cables were a thing and high resolution wasn't—and he hasn't stopped since. Now working as a hardware writer for PC Gamer, Andy spends his time jumping around the world attending product launches and trade shows, all the while reviewing every bit of PC gaming hardware he can get his hands on. You name it, if it's interesting hardware he'll write words about it, with opinions and everything.