Nasty WinRAR bug is being actively exploited to install hard-to-detect malware