A double file extension like ".pdf.exe" refers to a filename where two extensions appear consecutively. Malicious actors use this technique to disguise executable files as seemingly safe documents. While the operating system typically executes only the final true extension (e.g., .exe), attackers rely on users potentially overlooking the dangerous part or the system hiding known extensions by default. This makes the file appear as a harmless document (like a PDF) instead of a program (.exe).

Attackers frequently use double extensions in phishing emails targeting industries like finance or logistics. For example, a victim might receive an invoice labeled "INVOICE-2023.pdf.exe", believing it's safe to open. Similarly, fake documents like "Order_Details.xlsx.exe" can be shared via compromised cloud storage links or messaging platforms like email attachments, relying on the recipient trusting the visible extension.

Files with double extensions pose significant security risks. They are strongly associated with malware payloads aiming to steal data or compromise systems. The major advantage lies solely with attackers exploiting poor user awareness or default OS settings hiding full filenames. Always be suspicious of such files: verify the sender, ensure your system shows full file extensions, and avoid opening unexpected executables disguised as documents. This tactic persists because it successfully bypasses basic trust in filename appearance.