A maliciously constructed “.exe” can be built to display a PDF icon and, by using the right-to-left (RTL) character, fool you into thinking you are downloading a PDF file with a “.pdf” extension. In the example image below, the 2nd file looks like a “.txt” file, but is really a “.docx” file (the 1st file). The 1st file has been cleansed of the RTL Unicode character and is a legitimate “.docx” file. The PDF file is actually an “.exe” file. Download a sample of these files here.

How does this happen? In apps that support Unicode, like Windows Explorer and macOS Finder, RTL characters can be used to spoof file extensions. To do this, a hidden Unicode character is placed in the file name; it reverses the order of the characters that follow it. Support for RTL characters was added to support languages that are read right-to-left.

Note: 99% (in NA) of the time these files are malicious. However, detection of malicious files is never done by filename alone, so a good antivirus will flag the contents of this file for known malware signatures.
To make sure no one downloads these malicious files from the website (and then infects their PC with malware), use free software such as Spy Hunter to scan for them.
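The hidden character can also be looked for directly in file names, alongside a content scan. The following is an added example, not part of the original article: it assumes the hidden character is U+202E (RIGHT-TO-LEFT OVERRIDE), models only that character's reversal rather than the full Unicode bidirectional algorithm, and uses constructed sample names.

```python
import os
import unicodedata

# Bidirectional formatting characters that ordinary file names do not need.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}
RLO, PDF = "\u202e", "\u202c"


def apparent_name(name):
    """Approximate what a Unicode-aware file manager shows (assumption: only
    RLO is modelled; the run after it, up to PDF or the end, is reversed)."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    # Remaining controls are invisible on screen, so drop them from the view.
    return "".join(c for c in "".join(out) if c not in BIDI_CONTROLS)


def inspect(name):
    """Compare the extension the OS will act on with the one the user sees."""
    controls = sorted({unicodedata.name(c) for c in name if c in BIDI_CONTROLS})
    shown = apparent_name(name)
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {"controls": controls, "shown_as": shown, "real_ext": real_ext,
            "shown_ext": shown_ext,
            "spoofed": bool(controls) and real_ext != shown_ext}


if __name__ == "__main__":
    # Constructed sample names; the last one is clean.
    for sample in ["invoice\u202efdp.exe", "report\u202etxt.docx", "report.docx"]:
        r = inspect(sample)
        print(ascii(sample), "->", r["shown_as"], r["real_ext"], r["spoofed"])
```

A name that contains any of these characters is worth flagging even when the two extensions match, since legitimate downloads rarely carry them.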