To Elena’s eyes, the file looked like a harmless PDF: executare_silita_anfdp.pdf . The Execution
The attacker named the file executare_silita_an followed by the RTLO character. They then typed fdp.exe . executare_silita_an‮fdp.exe
In reality, the file Elena saw was a lie. The true name of the file on the server was executare_silita_an[RTLO]fdp.exe . To Elena’s eyes, the file looked like a
Elena was worried. She knew she was up to date on her taxes, but the name "pdf" at the end of the file gave her a sense of security. She clicked "Download." The Optical Illusion: The RTLO Trick In reality, the file Elena saw was a lie
The is a special invisible character (Unicode U+202E ) used in coding to reverse the order of the characters that follow it. Here is how the trick happened:
Malware often uses a fake PDF icon, but it may look slightly pixelated or "off" compared to your system's standard icons.