Online article, werewolf uses Winrar's safety holes to organize malicious campaigns. The representative of the internet intelligence platform specializes in collecting and analyzing data threatening to Russian companies that have made this conclusion, according to RBC's report with reference to the information received. Winrar, one of the most popular archives in Russia, is installed by about 80% of the company's computer running Windows.
Paper werewolf attackers were carried out in July – early August 2025, a series of attacks on organizations in Russia and Uzbekistan. The attacks of fraudulent messages are distributed with RAR storage documents containing malicious programs and have used two holes in Winrar to hide this harmful code on target devices.
The spy groups, focusing on collecting information, constantly improving tactics and tools, supplementing the arsenal by new exploitation. The use of RAR storage documents pursuing dual targets: Not only exploiting holes in Winrar to introduce malware, but also increase the ability to ignore mail filters, because such investments are a common factor of business correspondence, the head of a specialized cyber intelligence platform in the collection and analysis of companies.
One of the victims of paper werewolves is Russia's specialized equipment manufacturer. Using a hacked electronic box, the attackers sent a physics a mask for documents from the ministry and contained the revised XPS viewing process, providing remote control for an infringing device.
Initially, the paper werewolf used the gap of CVE-2025-6218 in Winrar 7.11, then switched to the operation of a new distance, touching the same version of Archiver. Right before that, an exploitation appeared on a hacker resource closed to this gap, proposed to sell for $ 80,000.
Winrar is one of the leading archives in Russia, it is used by 79% of domestic companies in Windows Workstations. The demand is confirmed by a large amount of monthly license sales – about 10,000. However, the wide circulation rate makes the program an attractive goal for network control, according to Bi.zone threatening intelligence, accounting for 36% of all attacks recorded in Russia to collect secret information.
See also: Hacker has hacked the factory's electronic board in Noginsk to admit love
Mk in max: main news – fast, honesty, nearby