• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Sq Magazine LogoSQ Magazine

Smarter Insights for a Fast-Moving Digital World

  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
Sq Magazine Logo
  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
Home » Cybersecurity

Google Warns of Active WinRAR Exploits Targeting Unpatched Windows Systems

Published on: January 28, 2026
Sofia Ramirez
Written By
Sofia Ramirez
Sofia Ramirez
Senior Tech Writer • 477 Articles
Sofia Ramirez is a technology and cybersecurity writer at SQ Magazine. With a keen eye on emerging threats and innovations, she helps reader...
LATEST POSTS:
Adobe ColdFusion Max-Severity Flaw Now Under Attack
HP DeskJet 2800 Flaw Leaks Wi-Fi Passwords
Microsoft Cuts 4,800 Jobs, Resets Xbox Strategy
Barry Elad
Reviewed By
Barry Elad
Barry Elad
Founder & Senior Journalist • 740 Articles
Barry Elad is a seasoned journalist and analyst specializing in finance, technology, AI, and founder of SQ Magazine. He explores the world o...
LATEST POSTS:
Anthropic Extends Claude Fable 5 Included Access
Anthropic Brings Claude Cowork to Phones and Web
TeraWulf Signs 20-Year, $19 Billion Anthropic Lease
Winrar Exploit Targets Unpatched Windows Systems
As Featured In
The New York Times LogoForbes LogoWired LogoDeloitte LogoResearch.com Logo
Share on LinkedIn ChatGPT Perplexity Share on X Share on Facebook

A critical vulnerability in WinRAR is being actively exploited by hackers, prompting Google to issue a warning to Windows users who have yet to update their software.

Quick Summary – TLDR:

  • CVE-2025-8088, a critical WinRAR flaw, is being exploited by both nation-state and financially motivated attackers.
  • The bug enables attackers to gain persistent access to Windows systems via malicious RAR files.
  • Despite a patch released in July 2025, many systems remain vulnerable due to slow update adoption.
  • Google’s Threat Intelligence Group (GTIG) and ESET researchers are tracking the widespread abuse.

What Happened?

Google’s Threat Intelligence Group has confirmed that the critical path traversal flaw in WinRAR, identified as CVE-2025-8088, is being used in real-world attacks. The vulnerability, discovered by researchers at ESET and patched in July 2025, allows malicious RAR archives to write files to arbitrary locations on a user’s system. Threat actors are using this technique to place malicious files into Windows Startup folders, ensuring the malware runs every time the system starts.

We are tracking widespread exploitation of critical WinRAR vulnerability CVE-2025-8088 by state-sponsored espionage groups and financially motivated actors. 🔍

All orgs and users should update to the latest version of WinRAR.

Learn more and get IOCs:https://t.co/mrB4q9svwl pic.twitter.com/LhSAAdnoHU

— Mandiant (part of Google Cloud) (@Mandiant) January 27, 2026

CVE-2025-8088: A Powerful Exploit Hiding in Plain Sight

The flaw works by abusing Windows Alternate Data Streams (ADS) and directory traversal. Attackers craft RAR files containing hidden malicious payloads disguised under normal-looking documents. When opened using a vulnerable WinRAR version, the archive silently writes a .lnk, .cmd, or .bat file into a critical system directory such as:

../../../../../Users/<user>/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/

Once the archive is opened, the payload is extracted and executed automatically on the next reboot, giving attackers persistent access without further user interaction.

RARLAB issued a fix in WinRAR version 7.13 on July 30, 2025, but attackers continue targeting outdated systems.

Cyber Espionage Campaigns

Google has observed multiple state-sponsored hacking groups exploiting the flaw:

  • Russia-nexus group UNC4895 (RomCom) targeted Ukrainian military with spearphishing emails and deployed NESTPACKER malware.
  • APT44 (FROZENBARENTS) used decoy Ukrainian documents to drop malicious LNK files.
  • TEMP.Armageddon (CARPATHIAN) delivered HTA files that act as downloaders for further payloads.
  • Turla (SUMMIT) deployed its STOCKSTAY malware using lures themed around Ukraine’s drone operations.
  • A China-based actor used the exploit to drop POISONIVY malware via a BAT file into the Startup folder.
Newsletter
Subscribe To Our Newsletter!

Be the first to get exclusive offers and the latest news.

Financially Motivated Threats

Cybercriminals are also leveraging the same flaw for monetary gain:

  • A group in Indonesia used the bug to drop a .cmd script that later downloads a password-protected RAR archive from Dropbox, containing a backdoor linked to a Telegram bot.
  • Actors in Latin America targeted the travel industry with phishing emails related to hotel bookings to deliver XWorm and AsyncRAT.
  • In Brazil, attackers pushed a malicious Chrome extension designed to steal banking credentials through phishing overlays on banking websites.

The Underground Economy: zeroplayer’s Role

One of the key exploit providers behind this wave is a dark web actor named zeroplayer. Known for selling high-end zero-day vulnerabilities, zeroplayer advertised a WinRAR exploit in July 2025, contributing to the vulnerability’s mass adoption.

Other exploits offered by zeroplayer include:

  • Microsoft Office RCE sandbox escape listed at 300,000 dollars.
  • Zero-day in a corporate VPN solution.
  • Local Privilege Escalation for Windows sold for 100,000 dollars.
  • AV/EDR bypass exploit for 80,000 dollars.

These offerings show how exploit developers enable a wider range of attackers, lowering the technical barrier for both state actors and cybercriminals.

What Users and Organizations Should Do?

Google is urging all users and enterprises to:

  • Update to WinRAR version 7.13 or later.
  • Patch systems without delay.
  • Monitor Startup folders for suspicious file drops.
  • Use Google Safe Browsing and Gmail protections, which can detect malicious archives.
  • Leverage VirusTotal collections and GTIG IOCs for detection and response.

SQ Magazine’s Takeaway

I think this situation is another reminder that old vulnerabilities can cause serious problems when left unpatched. Even though a fix has been out since July 2025, hackers are still breaking into systems today using CVE-2025-8088. It’s shocking how many organizations don’t update software as soon as patches drop. This WinRAR bug might seem like a small issue, but clearly it’s being used by everyone from government hackers to criminals in Latin America. If you’re still running an old version of WinRAR, it’s time to hit that update button right now.

This article has been reviewed and fact-checked by Barry Elad. SQ Magazine follows strict Publishing Principles and a documented Fact-Check Policy to ensure accuracy, transparency, and editorial independence across all content.

Add SQ Magazine as a Preferred Source on Google for updates! Follow on Google News
Share ChatGPT Perplexity

References

  • CVE-2025-8088 Detail
Sofia Ramirez

Sofia Ramirez

Senior Tech Writer


Sofia Ramirez is a technology and cybersecurity writer at SQ Magazine. With a keen eye on emerging threats and innovations, she helps readers stay informed and secure in today’s fast-changing tech landscape. Passionate about making cybersecurity accessible, Sofia blends research-driven analysis with straightforward explanations; so whether you’re a tech professional or a curious reader, her work ensures you’re always one step ahead in the digital world.

Related Posts

Tinyloader Malware Used To Hijack Crypto And Networks
Cybersecurity

Cybercriminals Exploit TinyLoader Malware to Hijack Crypto and Infiltrate Networks

Cisa Warns To Patch Windows Server Wsus Flaw
Cybersecurity

Hackers Exploit WSUS Flaw as Feds Rush to Secure Vulnerable Servers

Google Patches Android Zero Day Vulnrability
Cybersecurity

Google Patches Android Zero Day Under Active Attack

Disclaimer: The content published on SQ Magazine is for informational and educational purposes only. Please verify details independently before making any important decisions based on our content.

Reader Interactions

Leave a Comment Cancel reply

Primary Sidebar

Connect With Us

facebook x linkedin google-news telegram pinterest whatsapp email
google-preferred-source-badge Add as a preferred source on Google

You Should Also Read

Microsoft Confirms Exploitation of Critical Windows Remote Access Flaw in the Wild
Google Fixes 8th Chrome Zero-Day of 2025 Amid Active Exploits
Google Chrome Under Threat as Exploit Code for V8 Vulnerability Released

Table of Contents

  • Quick Summary – TLDR:
  • What Happened?
  • CVE-2025-8088: A Powerful Exploit Hiding in Plain Sight
  • Cyber Espionage Campaigns
  • Financially Motivated Threats
  • The Underground Economy: zeroplayer’s Role
  • What Users and Organizations Should Do?
  • SQ Magazine’s Takeaway
Connect on Telegram

Footer

SQ Magazine Logo

Smarter Insights for a Fast-Moving Digital World

Connect With Us

Follow Us on Google News

Editorial & Trust

  • About
  • Publishing Principles
  • Fact-Check Policy
  • Corrections Policy
  • Ethics Policy
  • Disclaimer

Worth Checking

  • Social Media Attention Span Stats
  • Gen Z Social Media Statistics
  • TikTok vs. Instagram Statistics
  • LLM Hallucination Statistics
  • Spotify User Statistics
  • Apple Customer Loyalty Statistics
Contact Us
13570 Grove Dr #189,
Maple Grove, MN 55311,
United States
10 a.m. to 6 p.m. | Every day

Copyright © 2022–2026 SQ Magazine. All Rights Reserved. Powered by the Neural Stack.

  • Privacy Policy
  • Terms
  • Accessibility Statement
Company
  • About Us
  • Our Team
  • Our Mission
  • Core Values
Discover
  • Brand Assets
    Brand Assets
  • Stats Methodology
    Stats Research Process
  • Glossary
    Glossary
Categories
  • Internet
  • Technology
  • Artificial Intelligence
  • Gaming
  • Cybersecurity
Internet
Hulu Statistics
Hulu Statistics 2026: Subscribers, Revenue and Market Share
Spotify vs Apple Music Statistics
Spotify vs Apple Music Statistics 2026: Subscribers, Revenue, Market Share
Time Spent on TikTok Statistics
Time Spent on TikTok Statistics 2026: Daily Minutes by Age
Google Workspace Statistics
Google Workspace Statistics 2026: Users, Market Share and AI
YouTube vs TikTok Statistics
YouTube vs TikTok Statistics 2026: Users, Revenue, Creator Economy
Internet Outage Statistics
Internet Outage Statistics 2026: Frequency, Cost and Causes
Technology
Google Cloud Platform Statistics
Google Cloud Platform Statistics 2026: Market Growth
Asana Statistics
Asana Statistics 2026: Revenue, Customers, AI ARR and Market Share
AWS Statistics
AWS Statistics 2026: Revenue, Market Share and AI Growth
Adobe Creative Cloud Statistics
Adobe Creative Cloud Statistics 2026: Subscribers, Revenue and Market Share
Adobe Statistics
Adobe Statistics 2026: Revenue, ARR, and Workforce Data
Employee Productivity Statistics
Employee Productivity Statistics 2026: Engagement, Costs & Trends
Artificial Intelligence
Grammarly AI Statistics
Grammarly AI Statistics 2026: Users, Revenue, Funding, Rebrand
Copilot Statistics
Copilot Statistics 2026: Users, Adoption, Revenue and Market Share
AI Image Generation Statistics
AI Image Generation Statistics 2026: Market Size, Adoption & Risks
Machine Learning Adoption
Machine Learning Adoption in 2026: What Businesses Need to Know
AI Influencer Marketing Statistics
AI Influencer Marketing Statistics: Market Size and Engagement
AI Market Statistics
AI Market Statistics 2026: Size, Growth & Investment
Gaming
Online Gambling Regulations Statistics
Online Gambling Regulations Statistics 2026: Global Compliance and Enforcement Data
Fantasy Sports Statistics
Fantasy Sports Statistics 2026: Users, Revenue & Trends
Apex Legends Statistics
Apex Legends Statistics 2026: Players, Revenue, and Esports
Fortnite Statistics
Fortnite Statistics 2026: Players, Revenue, Esports, and Engagement
Gamers Statistics
Gamers Statistics 2026: Players, Habits & Global Data
Minecraft Statistics
Minecraft Statistics 2026: 300 Million Copies Sold & 212M Monthly Players
Cybersecurity
Password Statistics
Password Statistics 2026: Credential Theft, MFA, and the Passkey Tipping Point
Identity Theft Statistics
Identity Theft Statistics 2026: Key Fraud Data and Trends
CVE Statistics
CVE Statistics 2026: Severity Distribution and Top Affected Vendors
Dark Web AI Tool Marketplace Statistics
Dark Web AI Tool Marketplace Statistics 2026: Explosive Market Growth
API Security Breach Statistics
API Security Breach Statistics 2026: Hidden Threats
AI Voice Cloning Fraud Statistics
AI Voice Cloning Fraud Statistics 2026: Alarming Trends You Must Know Now
Categories
  • Cybersecurity
  • Artificial Intelligence
  • Internet
  • Technology
  • Gaming
Cybersecurity
Accenture Confirms Breach After Hacker Lists Stolen Data
Accenture Confirms Breach After Hacker Lists Stolen Data
Adobe Coldfusion Max Severity Flaw Now Under Attack
Adobe ColdFusion Max-Severity Flaw Now Under Attack
Hp Deskjet 2800 Flaw Leaks Wi Fi Passwords
HP DeskJet 2800 Flaw Leaks Wi-Fi Passwords
Pamstealer Macos Malware Exposed
PamStealer Malware Verifies Stolen Mac Passwords Live
Google Fbi Disrupt Netnut Residential Proxy Network
Google, FBI Disrupt NetNut Residential Proxy Network
India Drafts Stricter Rules For Vpn Providers
India Drafts Stricter Rules for VPN Providers: Report
Artificial Intelligence
Trump Administration Clears Openai S Gpt 5 6 For Launch
Trump Administration Clears OpenAI’s GPT-5.6 for Launch
Anthropic Extends Claude Fable 5 Included Access
Anthropic Extends Claude Fable 5 Included Access
Anthropic Brings Claude Cowork To Phones And Web
Anthropic Brings Claude Cowork to Phones and Web
Terawulf Signs 20 Year 19 Billion Anthropic Lease
TeraWulf Signs 20-Year, $19 Billion Anthropic Lease
Microsoft Launches Frontier Company
Microsoft Launches Frontier Company With $2.5B Bet
Openai Proposes 5 U S Government Equity Stake
OpenAI Proposes 5% U.S. Government Equity Stake
Internet
Whatsapp Launches Username Reservation Feature
WhatsApp Opens Username Reservations for Its 3 Billion Users
Chrome 149 Update Fixes Serious Vulnerabilities
Google Chrome 149 Fixes 18 Serious Security Flaws
Meta Hands Whatsapp Reins To Cred Founder Kunal Shah
Meta Hands WhatsApp Reins to CRED Founder Kunal Shah
Major X Outage Disrupts Users Worldwide
Major X Outage Disrupts Users Worldwide, Service Restored
Meta Adds 13 Plus Age Verification For Teen Safety
Meta Adds 13+ Content Settings and AI Age Checks for Teens
Telegram Restricted In India Temporarily
Telegram Restricted in India as NEET Fraud Crackdown Grows
Technology
Microsoft Lays Off 4800 Employees
Microsoft Cuts 4,800 Jobs, Resets Xbox Strategy
Chrome Update Fixes 382 Vulnerabilities
Chrome 150 Patches 382 Security Fixes, 15 Critical
Apple Leak Reveals Six New Iphones For 2027
Massive Apple Leak Reveals Six New iPhones for 2027
Google Finance Comes Out Of Beta With Android App
Google Finance Gets Major AI Upgrade and New Android App
Windows Recycle Bin Bug Confirmed After June Security Update
Windows Recycle Bin Bug Confirmed After June Security Update
Apple Urgently Fixes Beats Studio Buds Bug
Apple Urgently Fixes Beats Studio Buds Bug That Enabled Spying
Gaming
Gta Vi Official Cover Art
GTA 6 Pre-Orders Start June 25, New Cover Art Unveiled
Epic Games Teases Unreal Engine 6 For Rocket League
Epic Games Teases Unreal Engine 6 for Rocket League
Stardew Valley Launched For Nintendo Switch 2 Edition
Stardew Valley Switch 2 Edition Arrives with Online Co-op
Hogwarts Legacy Game Crosses 40m Downloads
Hogwarts Legacy Crosses 40M Sales, Beating Industry Giants
Pubg Black Budget Closed Alpha Launched
PUBG: Black Budget Launches Closed Alpha Test With a Bold PvPvE Twist
Counter Strike 2 Skin Market Crashes After Valve Update
Counter-Strike 2’s $5.9 Billion Skin Economy Just Got Shattered
Newsletter

Subscribe To Our Newsletter!

Be the first to get exclusive offers and the latest news.

Newsletter

Subscribe To Our Newsletter!

Be the first to get exclusive offers and the latest news.