By renaming an ACE file with a RAR extension, hackers can manipulate WinRAR and extract a malicious program to a computer’s startup folder, explained Check Point, the company that discovered the bug. Without the user knowing, the program then runs automatically when the computer is restarted. According to McAfee, one exploit uses a bootleg copy of Ariana Grande’s latest album Thank U, Next, with a RAR extension.

We don’t know how many people have been impacted by the bug. Fortunately, the days of WinRAR being essential software have passed, but since 2002, it has had more than 500 million users, so this attack could still gain some traction.