If you use WinRAR, the free file archive utility for Windows, consider installing the latest version. Hackers are still exploiting a vulnerability in the program, even though a patch has been available for six months.
Google security researchers have “identified widespread, active exploitation” of the flaw, CVE-2025-8088, including from state-sponsored hackers, likely based in China and Russia, along with financially motivated cybercriminals.
The vulnerability, which affects the Windows version of WinRAR, is an easy target partly because the program has over 500 million users worldwide. WinRAR is also designed to open and view archive files, including in the ZIP and RAR formats.
Meanwhile, CVE-2025-8088 can be abused to create booby-trapped archive files that can load malicious computer code into a hacker-selected path on a Windows PC. Antivirus vendor ESET originally discovered and reported the flaw in July after observing a Russian hacking group, RomCom, sending phishing emails carrying RAR files designed to exploit the vulnerability.
On Tuesday, Google’s security researchers published a report about detecting hacking groups exploiting the WinRAR flaw since August and as recently as Jan. 22. Four groups in particular used malicious archive files to target government and military entities in Ukraine. A Chinese group has also been using the flaw to deliver Poison Ivy malware.
On top of all this, various cybercriminal groups have been abusing the flaw in countries including Indonesia, Brazil, and Latin America to spread malware capable of backdooring a Windows PC or harvesting passwords. Google uncovered evidence of malware creators in underground forums incorporating the WinRAR flaw into their attacks.
“In December and January 2026, we have continued to observe malware being distributed by cyber crime exploiting CVE-2025-8088, including commodity RATS [remote access Trojans] and stealers,” Google further warned. “When a reliable proof of concept for a critical flaw enters the cyber criminal and espionage marketplace, adoption is instantaneous, blurring the line between sophisticated government-backed operations and financially motivated campaigns.”
The problem is that WinRAR lacks an auto-update function, meaning affected users need to manually download and install the latest version. The vulnerability was fixed in WinRAR version 7.13, and beta releases of WinRAR 7.20 have since been published. So users should manually update to stay protected.


