Paying for WinRAR in all the wrong ways
![](https://172705.wcapt.asia/wp-content/uploads/2023/10/shutterstock_winrar.jpg)
Google’s Threat Analysis Group (TAG) reports that a vulnerability in the decompression app WinRAR is still being actively exploited even though an update is available. The exploitation, traced to Russian and Chinese state-backed threat actors, lets malware get in through a flaw in Windows’ ShellExecuteExW function. Although a patch was released in August, many users remain vulnerable because they have not updated the software. The exploit runs malicious files hidden in a RAR archive, bypassing file-extension checks by executing malware whose file extensions contain spaces.
Source: www.theregister.com