A recently discovered zero-day vulnerability in WinRAR has been exploited in a malware distribution campaign that has been ongoing since April. The vulnerability, known as CVE-2023-3881, allows attackers to create malicious zip archives with spoofed file extensions, concealing them as harmless files.
It is highly recommended that users upgrade to the latest version (6.23) of WinRAR.