
Amaranth-Dragon Leverages New WinRAR Flaw to Target SE Asia Infrastructure

Check Point researchers have uncovered an active campaign by the Amaranth-Dragon group, an offshoot of the APT-41 nexus, that weaponizes the newly disclosed CVE-2025-8088 vulnerability in WinRAR. The actors distribute malicious RAR archives; when a victim extracts the archive, the embedded payload executes automatically, establishing persistence through scheduled tasks and registry modifications. The campaign is focused on high-value entities in Southeast Asian governments and critical infrastructure sectors.

Defenders should prioritize patching WinRAR to the latest version and disabling the vulnerable "unrar" feature in environments where RAR files are processed. Monitoring for anomalous execution of "unrar.exe", newly created scheduled tasks, and unexpected registry keys can reveal compromise. The linkage to APT-41 underscores the sophistication of the threat, making rapid detection and remediation essential to prevent espionage and potential downstream attacks.

Categories: Vulnerabilities & Exploits, Threat Intelligence, Malware & Ransomware