WinRAR remains a staple utility for handling compressed archives on personal computers, often installed alongside essentials like media players and image viewers. However, Google's security experts have revealed that a persistent flaw in the program is being actively exploited by advanced threat actors linked to Russian and Chinese interests.
The Threat Intelligence Group at Google highlights CVE-2025-8088, a weakness that enables attackers to place harmful files on devices via outdated WinRAR editions. Identified in the previous year and fixed in July 2025, this issue continues to affect legacy installations. The report details four cyber operations, purportedly supporting Russia's conflict in Ukraine, focusing on both military and non-military targets there. Separately, a China-based entity is leveraging the flaw to deploy remote access malware.
Beyond government-affiliated actors, the vulnerability attracts cybercriminals seeking financial gain, with incidents reported in Brazil, other parts of Latin America, Indonesia, and additional locations. Exploits incorporating this method appear in underground markets, where vendors offer full malware suites priced from $80,000 to $300,000, aimed at compromising operating systems, productivity suites, secure networking tools, and security applications.
Google's analysts are distributing indicators to aid in spotting these WinRAR-related threats. For optimal defense, users should promptly apply the available update, as the patch has been ready for nearly half a year. Meanwhile, the necessity of dedicated archivers like WinRAR has diminished, given the proprietary RAR format's declining dominance and built-in Windows capabilities for extracting ZIP, 7-Zip, and RAR archives.