CYFIRMA Research

CYFIRMA Research- Weaponized WinRAR Exploitation and Stealth Deployment of Fileless .NET RAT

CYFIRMA

WinRAR CVE-2025-8088 is a path validation vulnerability that allows a crafted RAR archive to write files outside the intended extraction directory during unpacking.

In the observed attack chain, this behavior is abused to silently drop a malicious script into the Windows Startup folder, establishing persistence without requiring administrative privileges or explicit execution by the user. Once triggered, execution continues through an obfuscated Batch script and a PowerShell loader, ultimately leading to in-memory execution of a .NET RAT via process injection.

The key takeaway is that trusted software and normal user actions can be enough to achieve compromise. Monitoring archive extraction behavior and unexpected Startup folder writes is becoming increasingly important for detection.
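As an added illustration (not code from the CYFIRMA report or from WinRAR), the path-validation check an extractor has to apply before writing each archive entry, run over constructed entry names that model the traversal-to-Startup-folder behaviour described above; the extraction directory and entry names are assumptions, not values from the sample.

```python
import ntpath

# Constructed extraction directory (assumption, Windows semantics).
EXTRACT_DIR = r"C:\Users\alice\Downloads\archive"

# Constructed entry names modelled on the report's description; the real
# archive's entry names are not reproduced here.
SAMPLE_ENTRIES = [
    "invoice.pdf",
    "docs/readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.bat",
    "../../../Users/Public/evil.bat",
    r"C:\Windows\Temp\x.exe",
]

STARTUP_MARKER = ntpath.normcase(r"\Microsoft\Windows\Start Menu\Programs\Startup") + "\\"


def resolve_entry(extract_dir, entry_name):
    """Path the entry would land on if the extractor trusted the name verbatim."""
    name = entry_name.replace("/", "\\")
    return ntpath.normpath(ntpath.join(extract_dir, name))


def is_within(extract_dir, target):
    """True only if target stays under extract_dir after normalisation."""
    root = ntpath.normcase(ntpath.normpath(extract_dir)).rstrip("\\") + "\\"
    return ntpath.normcase(target).startswith(root)


def classify_entry(extract_dir, entry_name):
    """'ok' for a contained entry; 'traversal' when it escapes the extraction
    directory; 'traversal-to-startup' when the escape lands in a per-user
    Startup folder, the persistence path the report describes."""
    target = resolve_entry(extract_dir, entry_name)
    escaped = ntpath.isabs(entry_name.replace("/", "\\")) or not is_within(extract_dir, target)
    if not escaped:
        return "ok"
    if STARTUP_MARKER in ntpath.normcase(target):
        return "traversal-to-startup"
    return "traversal"


def audit_entries(extract_dir, entries):
    """Map each entry name to its classification; a hardened extractor would
    refuse anything other than 'ok', and a detection pipeline would alert on it."""
    return {name: classify_entry(extract_dir, name) for name in entries}


if __name__ == "__main__":
    for name, verdict in audit_entries(EXTRACT_DIR, SAMPLE_ENTRIES).items():
        print(f"{verdict:22} {name}")
```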

Link to the Research Report: Weaponized WinRAR Exploitation and Stealth Deployment of Fileless .NET RAT - CYFIRMA

#CYFIRMA #CYFIRMAResearch #CyberSecurity #ThreatResearch 

#MalwareAnalysis #CTI #WinRAR #CVE #ETLM 

#ExternalThreatLandscapeManagement

https://www.cyfirma.com/