
Critical WinRAR Vulnerability Under Active Attack by Russian, Chinese, and Criminal Groups

Hackers exploit WinRAR flaw CVE-2025-8088 to attack Ukrainian entities and spread ransomware, despite a patch available since July.
Content Team

Google's Threat Intelligence Group warns that hackers are actively exploiting a critical WinRAR vulnerability (CVE-2025-8088) discovered and patched in July 2025. The flaw allows attackers to drop malicious files into Windows Startup folders through specially crafted RAR archives.

Russian groups like APT44 and Turla are targeting Ukrainian military and government entities, while Chinese actors deploy POISONIVY malware. Criminal groups are also using the exploit to spread ransomware and steal data from commercial targets.

The vulnerability works by hiding malicious payloads in decoy files within RAR archives. When users open these files, the exploit writes malware to critical system directories for persistence. Despite a patch being available since July 30, widespread exploitation continues across diverse threat operations.
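One way to hunt for the behaviour described above is to flag file-creation events where an archive utility writes into a Windows Startup folder. The following is an added example, not code from the source article or from Google; it assumes Sysmon-style FileCreate records (Event ID 11) already parsed into dictionaries, and the archiver process list and sample events are constructed for illustration.

```python
import ntpath

# Per-user and all-users Startup folder path fragments on Windows (lower-cased).
STARTUP_MARKERS = (
    r"\appdata\roaming\microsoft\windows\start menu\programs\startup" + "\\",
    r"\programdata\microsoft\windows\start menu\programs\startup" + "\\",
)
# Archive utilities to watch (assumed list; extend for your environment).
ARCHIVERS = {"winrar.exe", "rar.exe", "unrar.exe"}

def is_startup_path(path):
    """True if the path, after collapsing '..' segments, lands in a Startup folder."""
    p = ntpath.normpath(path).lower()
    return any(marker in p for marker in STARTUP_MARKERS)

def flag_events(events):
    """Return FileCreate events where an archiver wrote into a Startup folder."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 11:  # Sysmon FileCreate only
            continue
        proc = ntpath.basename(ev.get("Image", "")).lower()
        if proc in ARCHIVERS and is_startup_path(ev.get("TargetFilename", "")):
            hits.append(ev)
    return hits

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": r"C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"EventID": 11, "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": r"C:\Users\user1\Documents\report\decoy.pdf"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.lnk"},
    {"EventID": 1, "Image": r"C:\Program Files\WinRAR\WinRAR.exe", "TargetFilename": ""},
    {"EventID": 11, "Image": r"C:\Program Files\WinRAR\Rar.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\svc.exe"},
]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "->", hit["TargetFilename"])
```

An archiver extracting into a Startup folder is rare in normal use, so this rule tends to be low-noise; it complements, and does not replace, updating WinRAR to the patched release.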

Source: Google Cloud Blog
