: When a user clicks the "safe" file, WinRAR mistakenly executes the malicious script instead.
WinRAR and 7-Zip have recently been targeted by high-severity exploits that allow attackers to run malicious code when a user simply opens or views a file within an archive. CVE-2023-38831: Extension Spoofing
This vulnerability was used as a "zero-day" starting in April 2023.
: Attackers hide malicious scripts in a folder with the same name as a harmless file (like photo.jpg ).