Amaranth‑Dragon Exploits WinRAR CVE‑2025‑8088 for Southeast Asian Espionage

A China‑linked threat group identified as Amaranth‑Dragon is leveraging the recent WinRAR vulnerability (CVE‑2025‑8088) to distribute malicious RAR archives. The crafted archives execute a payload that gains elevated execution rights and establishes persistence on compromised systems. The campaign targets organizations across Southeast Asia, using the flaw to bypass traditional security controls and embed espionage tools directly in the archive.

Defenders should prioritize patching WinRAR to the latest version and implement detection rules for anomalous RAR file behavior, such as unexpected execution of embedded scripts or the creation of scheduled tasks after archive extraction. Monitoring for the group’s known IOCs—file hashes, command‑and‑control domains, and registry modifications—will help mitigate data exfiltration and reduce the risk of long‑term footholds in critical infrastructure.
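As an added illustration of the detection idea in the paragraph above (this is example code written for this page, not code from the article, from the vendor, or from any threat-intelligence feed), the rule below flags the two behaviours the text names: a script host or shell spawned directly by WinRAR, and a scheduled task created shortly after a WinRAR extraction on the same host. The event records, field names, the list of script hosts and the 120-second correlation window are all assumptions; the sample events are constructed and contain no real indicators.

```python
"""Detection of anomalous post-extraction behaviour around WinRAR.

Added example, not from the article. Input records are constructed to resemble
process-creation telemetry (Sysmon Event ID 1 style fields: image, parent image,
command line); the field names and sample values are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Interpreters and shells that should not normally be children of an archiver (assumed list).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe", "rundll32.exe"}
ARCHIVER = "winrar.exe"


@dataclass
class ProcEvent:
    host: str
    time: datetime
    image: str          # full path of the newly created process
    parent_image: str   # full path of its parent process
    cmdline: str


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events: List[ProcEvent], window: timedelta = timedelta(seconds=120)) -> List[Dict]:
    """Return one alert dict per suspicious event.

    Rule 1: WinRAR directly spawns a script host or shell.
    Rule 2: schtasks /create runs within `window` after any WinRAR start on the same host.
    Any WinRAR start is treated as a potential extraction (assumption: no explicit extract event).
    """
    alerts: List[Dict] = []
    for ev in events:
        if _basename(ev.parent_image) == ARCHIVER and _basename(ev.image) in SCRIPT_HOSTS:
            alerts.append({"rule": "winrar_spawns_script_host", "host": ev.host,
                           "time": ev.time, "cmdline": ev.cmdline})

    last_winrar: Dict[str, datetime] = {}
    for ev in sorted(events, key=lambda e: e.time):   # sort so unordered input still correlates
        name = _basename(ev.image)
        if name == ARCHIVER:
            last_winrar[ev.host] = ev.time
        elif name == "schtasks.exe" and "/create" in ev.cmdline.lower():
            started = last_winrar.get(ev.host)
            if started is not None and timedelta(0) <= ev.time - started <= window:
                alerts.append({"rule": "schtasks_after_rar_extract", "host": ev.host,
                               "time": ev.time, "cmdline": ev.cmdline,
                               "seconds_after_extract": (ev.time - started).total_seconds()})
    return alerts


def sample_events() -> List[ProcEvent]:
    """Constructed telemetry: one suspicious chain on host A, benign activity on host B."""
    t = datetime(2025, 8, 20, 10, 0, 0)
    return [
        ProcEvent("host-A", t, r"C:\Program Files\WinRAR\WinRAR.exe", r"C:\Windows\explorer.exe",
                  r'WinRAR.exe x "C:\Users\u\Downloads\invoice.rar"'),
        ProcEvent("host-A", t + timedelta(seconds=5), r"C:\Windows\System32\wscript.exe",
                  r"C:\Program Files\WinRAR\WinRAR.exe", r'wscript.exe "C:\Users\u\AppData\Local\Temp\setup.vbs"'),
        ProcEvent("host-A", t + timedelta(seconds=40), r"C:\Windows\System32\schtasks.exe",
                  r"C:\Windows\System32\wscript.exe", r'schtasks.exe /Create /SC ONLOGON /TN Updater /TR "C:\Users\u\AppData\Local\Temp\upd.exe"'),
        ProcEvent("host-B", t + timedelta(hours=1), r"C:\Program Files\WinRAR\WinRAR.exe", r"C:\Windows\explorer.exe",
                  r'WinRAR.exe x "C:\Users\v\Documents\photos.rar"'),
        ProcEvent("host-B", t + timedelta(hours=1, seconds=2), r"C:\Windows\System32\notepad.exe",
                  r"C:\Program Files\WinRAR\WinRAR.exe", r'notepad.exe "C:\Users\v\Documents\readme.txt"'),
        ProcEvent("host-B", t + timedelta(hours=1, minutes=10), r"C:\Windows\System32\schtasks.exe",
                  r"C:\Windows\System32\cmd.exe", r'schtasks.exe /Create /SC DAILY /TN Backup /TR "C:\Tools\backup.cmd"'),
    ]


def run_sample() -> List[Dict]:
    """Run the rule over the constructed telemetry; host-A yields two alerts, host-B none."""
    return detect(sample_events())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["rule"], alert["host"], alert["cmdline"])
```

The second rule deliberately keys on the host rather than on a parent-child link, because persistence is often set up by a grandchild process or a dropped binary rather than by WinRAR itself; the window length and the treatment of every WinRAR start as an extraction are tuning choices that should be adjusted against a baseline of normal archive use in your environment.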

Categories: Vulnerabilities & Exploits, Malware & Ransomware, AI Security & Threats
