VMTech

Gamaredon exploits WinRAR vulnerability to deliver GammaWorm and GammaSteel

Colleagues, a cybersecurity advisory: Gamaredon is exploiting CVE-2025-8088 in WinRAR to deliver modular attack chains.

- GammaPhish (HTA) drops a VBScript loader, GammaLoad.
- GammaWorm: worm with persistence via Task Scheduler, concealment using LNK and ADS, C2 over public Telegram.
- GammaSteel: stealer exfiltrating files to AWS S3 or actor-controlled servers.
- Targeting: Ukrainian government entities; other families may be delivered.

Why it matters: software exploitation combined with social engineering and abuse of legitimate services hinders detection.

Recommendations: update WinRAR, monitor HTA/VBScript, audit ADS and scheduled tasks, and filter Telegram traffic.
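
One way to act on the "audit ADS and scheduled tasks" and "monitor HTA/VBScript" recommendations, as an added example that is not part of the original advisory: it reads the CSV produced by `schtasks /query /fo csv /v` and flags tasks that launch a script host or reference an alternate data stream. The column names assume an English-language Windows, and the sample rows are constructed.

```python
import csv
import io
import re

# Script hosts that run HTA and VBScript content (the advisory's "monitor HTA/VBScript").
SCRIPT_HOSTS = ("mshta.exe", "wscript.exe", "cscript.exe")
# A path component of the form name:stream, i.e. an NTFS alternate data stream (ADS).
# Requiring a leading backslash keeps drive letters (C:\) and URLs (https://) out.
ADS_REF = re.compile(r'\\[^\\/:"\s]+:[^\\/:"\s]+')


def audit_tasks(csv_text):
    """Return [(task_name, [reasons])] for scheduled tasks worth a manual look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName", "")
        command = row.get("Task To Run", "")
        if name == "TaskName":  # schtasks can repeat the header row per task folder
            continue
        reasons = [f"script host {h}" for h in SCRIPT_HOSTS if h in command.lower()]
        if ADS_REF.search(command):
            reasons.append("alternate data stream in command line")
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed sample rows, not taken from any real host or from the advisory.
SAMPLE = r'''"HostName","TaskName","Task To Run"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o"
"WS01","\ExampleUpdater","wscript.exe //B //E:vbscript C:\Users\Public\notes.txt:update"
"WS01","\ExampleHelp","C:\Windows\System32\mshta.exe C:\ProgramData\example.hta"
'''

if __name__ == "__main__":
    for task, why in audit_tasks(SAMPLE):
        print(task, "->", "; ".join(why))
```

A hit is a lead for review, not a verdict: legitimate software also schedules script hosts, so compare findings against a known-good baseline for the host.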

What measures do you have to defend against such chains?

#cybersecurity #APT #WinRAR #malware
