WinRAR (CVE-2025-8088): stealers used in attacks against Ukraine

Colleagues, a cybersecurity alert: the WinRAR vulnerability (CVE-2025-8088) remains exploited against Ukrainian organizations.
Trend Micro reports two campaigns — SHADOW-EARTH-066 and Earth Dahu — abusing the NTFS ADS path traversal flaw, which was patched in July 2025.
SHADOW-EARTH-066: RAR archives disguised with PDF decoys and hidden ADS; a Startup LNK→cmd→PowerShell→in-memory DLL chain launches an updated GIFTEDCROOK stealer that exfiltrates credentials, cookies and documents; traces are then removed.
Earth Dahu: an HTA→VBScript chain (GammaPhish→GammaLoad→GammaSteel) establishing long-term access; activity observed through April 2026.
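Two of the behaviours above leave telemetry a defender can hunt for even before the patch is rolled out: an archiver process writing into a user's Startup folder (what the ADS path-traversal drop looks like on disk), and the explorer→cmd→PowerShell launch chain a Startup LNK produces. The script below is an added illustration, not code from Trend Micro or from this post; it runs over a handful of constructed Sysmon-style events (Event ID 1 ProcessCreate and 11 FileCreate field names), and the process names, flags and sample paths are assumptions, not indicators from the reports.

```python
"""Hunt for two behaviours from the WinRAR CVE-2025-8088 campaigns over
constructed Sysmon-style events (not real telemetry):
  1. an archiver (WinRAR.exe and friends) creating a file inside a user's
     Startup folder;
  2. the explorer -> cmd -> powershell chain a Startup LNK produces, where
     the PowerShell command line carries flags typical of in-memory loaders.
Field names follow Sysmon Event ID 1 (ProcessCreate) and 11 (FileCreate).
"""
import ntpath
import re

# Per-user and all-users Startup folders share this tail (assumption: default paths).
STARTUP_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Archiver images worth watching; extend to match the tooling in your estate.
ARCHIVERS = {"winrar.exe", "unrar.exe", "rar.exe"}
# Common PowerShell launch traits seen with hidden, encoded, in-memory loaders.
PS_SUSPECT_RE = re.compile(
    r"-e(nc|ncodedcommand)?\s|-w(indowstyle)?\s+hidden|frombase64string|reflection\.assembly",
    re.IGNORECASE,
)

# Constructed sample events: one archiver drop into Startup, one benign extract,
# and one LNK-style launch chain next to a benign cmd.exe child.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\report.lnk"},
    {"EventID": 11, "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\report.pdf"},
    {"EventID": 1, "ProcessId": 100, "ParentProcessId": 1,
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"EventID": 1, "ProcessId": 200, "ParentProcessId": 100,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -w hidden -enc AAAA"},
    {"EventID": 1, "ProcessId": 300, "ParentProcessId": 200,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc AAAA"},
    {"EventID": 1, "ProcessId": 400, "ParentProcessId": 100,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]


def basename(path):
    """Lower-cased file name of a Windows path, for image comparisons."""
    return ntpath.basename(path).lower()


def archiver_startup_drops(events):
    """Return Startup-folder paths written by an archiver process (Event ID 11)."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        if basename(ev["Image"]) in ARCHIVERS and STARTUP_RE.search(ev["TargetFilename"]):
            hits.append(ev["TargetFilename"])
    return hits


def lnk_launch_chains(events):
    """Return (explorer pid, cmd pid, powershell pid) triples where PowerShell
    was started by cmd.exe under explorer.exe with suspicious flags."""
    procs = {ev["ProcessId"]: ev for ev in events if ev.get("EventID") == 1}
    hits = []
    for ev in procs.values():
        if basename(ev["Image"]) not in {"powershell.exe", "pwsh.exe"}:
            continue
        parent = procs.get(ev["ParentProcessId"])
        grand = procs.get(parent["ParentProcessId"]) if parent else None
        if not parent or not grand:
            continue
        if (basename(parent["Image"]) == "cmd.exe"
                and basename(grand["Image"]) == "explorer.exe"
                and PS_SUSPECT_RE.search(ev["CommandLine"])):
            hits.append((grand["ProcessId"], parent["ProcessId"], ev["ProcessId"]))
    return hits


if __name__ == "__main__":
    print("archiver writes into Startup:", archiver_startup_drops(SAMPLE_EVENTS))
    print("LNK launch chains (explorer, cmd, powershell):", lnk_launch_chains(SAMPLE_EVENTS))
```

The first rule is the cheap, high-signal one: a legitimate extraction almost never lands in a Startup folder, so any archiver write there deserves a ticket regardless of which archive format or flaw delivered it. The second rule is noisier (scheduled scripts and admin shortcuts can match), so pair it with the parent-chain context shown rather than alerting on the PowerShell flags alone.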
Why it matters: WinRAR is ubiquitous — weak update controls leave a door open.
How do you manage update controls and detection of such chains?
#cybersecurity #vulnerabilities #WinRAR #infosec

