According to The Verge, Google's Threat Analysis Group (TAG) has discovered multiple government-backed hacking groups exploiting the WinRAR vulnerability since early 2023. Describing the WinRAR attack in detail on the blog, TAG said: "A patch is now available, but many users' devices appear to be vulnerable. Government-backed actors from several countries have exploited the WinRAR vulnerability as part of their operations."
Millions of people face the risk of being attacked by a vulnerability in WinRAR
WinRAR versions 6.24 and 6.23 both include fixes, but the application does not update automatically, so users will have to download and install the patch manually.
The WinRAR vulnerability allows attackers to execute arbitrary code when a Windows user opens something like a PNG file in a ZIP archive. TAG describes the exploit as "a logic flaw in WinRAR that causes an unrelated temporary file extension when processing crafted archives, combined with a bug in Windows' ShellExecute implementation when attempting to open a file with an extension containing a space."
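A defender-side triage check for the condition TAG describes, added here as an example and not taken from TAG, The Verge or WinRAR: it lists a ZIP archive's entries without extracting them and flags any whose extension contains whitespace. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile


def extension_has_space(entry_name: str) -> bool:
    """True if the last path component has an extension containing whitespace."""
    # Accept both separators; directory entries are stored with a trailing "/".
    base = entry_name.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]
    _stem, dot, ext = base.rpartition(".")
    return bool(dot) and any(ch.isspace() for ch in ext)


def flag_entries(zip_bytes: bytes) -> list[str]:
    """Return entry names to review; only the archive listing is read."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if extension_has_space(i.filename)]


def build_sample(names) -> bytes:
    """Build a constructed in-memory ZIP holding harmless placeholder data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder content")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one entry carries a trailing space in its extension.
    sample = build_sample([
        "report.pdf",
        "images/photo.png",
        "images/photo.png ",   # extension is "png " (with a space)
        "notes .txt",          # space in the stem only, not the extension
    ])
    for name in flag_entries(sample):
        print(f"review before opening: {name!r}")
```

This is a heuristic for triage: a benign name such as `v1.2 final` is also flagged, and a clean result does not replace updating WinRAR to a fixed version.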
TAG said the widespread exploitation of the WinRAR bug shows that exploiting a known vulnerability can be highly effective for hackers. This highlights the importance of patching and that there is still much work to be done to make it easier for users to keep their software secure and up to date.
This isn't the first time a major WinRAR vulnerability has been discovered. In 2019, cybersecurity firm Check Point Research discovered a 19-year-old code execution vulnerability that could give an attacker full control of a victim's computer.
If you're running Windows 11, you can simply use the native tool that supports RAR or 7-zip files provided in the latest OS update.