Government-backed groups from Russia (e.g., RomCom, UAC-0099) and China (e.g., Amaranth-Dragon), as well as financially motivated cybercriminals.
A path traversal flaw discovered in July 2025 that allows attackers to drop malicious files into sensitive system folders (like the Startup folder) when an archive is opened.
The "insidious" nature of these RAR files stems from their ability to bypass traditional user caution:
A high-severity flaw that spoofed file extensions, hiding executables behind benign names like .jpg or .pdf .
Remote Code Execution (RCE) via Archive Exploitation. Primary Vulnerabilities:
Complete system compromise, delivery of RATs (Remote Access Trojans) like Remcos or DarkMe, and theft of funds from financial accounts. Technical Analysis of the Exploitation