Signal

Patched WinRAR flaw still exploited via phishing to drop RATs and infostealers


Published 2026-01-28 09:17 UTC · Updated 2026-01-28 22:48 UTC
vulnerability · exploitation_in_the_wild · phishing · malware · rat · infostealer
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped. Counts indicate coverage, not truth.
Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest
Dark Reading · News · darkreading.com · 2026-01-28 22:48 UTC
Everybody is WinRAR phishing, dropping RATs as fast as lightning
theregister_security · News · go.theregister.com · 2026-01-28 18:59 UTC
limited source diversity in top sources
Overview

Dark Reading and The Register report that a WinRAR vulnerability remains under active exploitation despite being patched months earlier.

Entities: WinRAR
Score total: 0.97
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
  • Multiple outlets are flagging active exploitation in the current cycle
  • Reports emphasize continued attacker success despite an older patch
  • Phishing and commodity malware outcomes keep the issue operationally relevant
Why it matters
  • Patch availability doesn’t prevent compromise when endpoints remain unpatched
  • Phishing-led exploitation can quickly translate into RAT/infostealer deployment
  • Broad actor mix suggests a repeatable intrusion path for multiple adversaries
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • A WinRAR vulnerability continues to be exploited months after a patch was released.
  • Both Russian and Chinese nation-state actors are described as exploiting the vulnerability.
How sources frame it
  • Dark Reading: neutral
  • The Register: neutral
Two outlets flag continued exploitation of a previously patched WinRAR flaw, with phishing used to deliver RATs/infostealers.
All evidence
Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest
Dark Reading · darkreading.com · 2026-01-28 22:48 UTC
Everybody is WinRAR phishing, dropping RATs as fast as lightning
theregister_security · go.theregister.com · 2026-01-28 18:59 UTC
Top publishers (this list)
  • Dark Reading (1)
  • theregister_security (1)
Top origin domains (this list)
  • darkreading.com (1)
  • go.theregister.com (1)