bleepingcomputer[.]com/news/security/winrar-sfx-archives-can-run-powershell-without-being-detected/
RAR files are a lot like ZIP or 7-Zip files -- one or more files compressed into a single archive file. And like those other 2, you can use the WinRAR app to create a self extracting file -- rather than having to expand it using installed software, the file itself includes that portion of the app, so double clicking the file expands the contents for you. RAR SFX files can also start other software once it's done expanding the contents -- the installation routine of several apps uses SFX files to expand the setup files & then run the installer. Cyber criminals are also making use of that feature to do bad things, and most times security software will not pick up on it to block them or notify you. SO be extra careful of downloading SFX files or if/when they come as email attachments.