Urgent Update: WinRAR Flaw Fuels Global Cyberattacks
28 Jan
Summary
- A critical WinRAR vulnerability is actively exploited by multiple hacker groups.
- State-aligned hackers target Ukrainian systems, while others pursue financial gain.
- Users must update WinRAR immediately, as the patch has been available since July 2025.

A critical vulnerability in the widely used WinRAR file decompression tool, identified as CVE-2025-8088, is currently being exploited by multiple cybercriminal groups. These attackers, allegedly linked to Russia and China, are targeting Ukrainian military and civilian systems. Additionally, hackers in China are using the flaw to deploy remote access trojans.
The exploit, discovered last year, was patched by WinRAR in July 2025. However, a significant number of users continue to operate outdated versions, leaving them susceptible to attacks. The vulnerability's broad impact means it's not just state-level actors exploiting it; other malicious actors are using it for financial gain in regions including Brazil, Latin America, and Indonesia.
Furthermore, software leveraging this WinRAR flaw is being sold on the black market for prices ranging from $80,000 to $300,000 USD. Google's Threat Intelligence Group has shared data to aid in detecting these threats. The most effective protection for users is to update WinRAR to its latest version; the fix has been available for nearly six months as of January 2026.



