Utopia Tech
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
Security · AI-assisted · 1 min read


Russian threat actor Gamaredon is actively exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to deploy multiple malware families including GammaPhish, GammaWorm, and GammaSteel targeting Ukrainian entities. The attack chain uses weaponized archives to deliver HTML Application payloads designed for data exfiltration and lateral propagation across compromised networks.


Utopia Tech

June 2, 2026 · 1 min read


The Russian hacking group known as Gamaredon has been linked to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an

Originally published at thehackernews.com
