Some online courses or textbooks label exercise files as "EX(01)", "EX(02)", etc. [1, 2].

Generic names like "EX(01)" are frequently used by automated scripts to spread viruses or "browser hijackers" [3, 4].

Opening a .rar file can execute hidden scripts.

These files are often found on "mirrored" download sites that trick users into clicking buttons that look like legitimate download links [4].