The attack still works and it is less obvious than you might expect. For context, an SCR file is a regular executable, treated the same as a .EXE or .COM.
> RTLO is a non-printing Unicode character that causes the text that follows it to be displayed in reverse. For example, a Windows screensaver executable named `March 25 \u202Excod.scr` will display as `March 25 rcs.docx`. A JavaScript file named `photo_high_re\u202Egnp.js` will be displayed as `photo_high_resj.png`
I think the examples are pretty scary if you ask me, but most anti-virus software do warn you when they come across those types of files.
The RTL override is necessary for embedding right-to-left content inside left-to-right text. If you ever want to combine Arabic and English in one sentence, you'll probably want an override in there.
You could use HTML and other formatting tricks to do the same, but this control character is a very valid and useful part of Unicode.
From https://attack.mitre.org/techniques/T1036/002/:
> RTLO is a non-printing Unicode character that causes the text that follows it to be displayed in reverse. For example, a Windows screensaver executable named `March 25 \u202Excod.scr` will display as `March 25 rcs.docx`. A JavaScript file named `photo_high_re\u202Egnp.js` will be displayed as `photo_high_resj.png`
I think the examples are pretty scary if you ask me, but most anti-virus software do warn you when they come across those types of files.