WinRAR, one of the most popular file compression tools in the world, is in the news for the wrong reason. A dangerous bug found in WinRAR for Windows lets hackers put files in system folders that run automatically when your PC starts. This means they can sneak in malware that stays on your computer, even after you restart.
The flaw, called CVE-2025-8088, has already been used in real attacks. Hackers send infected RAR files in phishing emails. If you open them with an old version of WinRAR, the malicious files can land in Windows startup folders. From there, they can install spying tools, steal your data, or give hackers long-term access to your system.
Researchers at ESET found that a group known as RomCom is behind some of these attacks. RomCom has been linked to cyber-espionage and ransomware operations. They are known for using hidden, encrypted tools that are hard to detect.
The problem affects WinRAR for Windows, along with RAR, UnRAR, and related tools. Unix and Android versions are safe.
WinRAR has released version 7.13 Final to fix the bug. It stops archive files from placing content outside the chosen folder. But WinRAR does not update on its own. So, you have to download the update yourself from the official site.
Also see: Best Antivirus Software
Experts say all WinRAR users should update right away. They also warn people to avoid opening attachments from unknown senders, use antivirus tools that scan archive files, and check startup folders for strange files.
With over 500 million users, WinRAR is a big target. This is the second serious flaw found in the software this year.
