A common use of this technique is with Spearphishing Attachment/Malicious File, since it can trick both end users and defenders if they are not aware of how their tools display and render the RTLO character. Use of the RTLO character has been seen in many targeted intrusion attempts and criminal activity. RTLO can be used in the Windows Registry as well, where regedit.exe displays the reversed characters but the command line tool reg.exe does not by default.
It uses the RTLO character to spoof extensions, and it also masquerades the binary by changing its icon.
The tool is very simple: run it, choose your payload, and apply the spoof extension and the source extension.
We hit Generate, and our original file is changed to carry the new extension and the spoofed name as well.
This was a simple demonstration of how to apply this methodology to trick users into believing they are opening another file. This may trick the majority of users, since they see an icon unrelated to EXE and an extension that is known to not be malicious (maybe).
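For defenders, the gap between what a bidi-aware UI shows and what the OS acts on can be checked directly. The following is an added example, not code from the original post or from the tool it describes: it flags bidirectional control characters in a file name and compares the stored extension with the one a user would see. The function names, the executable-extension list and the sample names are assumptions, and the rendering is a simplified approximation of the Unicode bidi algorithm.

```python
import os

# Unicode bidirectional controls that change display order without being visible.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM",
}
# Assumed policy list: extensions that run code when opened on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def rendered_name(name):
    """Approximate a bidi-aware display: characters after RLO (U+202E) are shown
    reversed until PDF (U+202C) or end of name. Simplified, not full UAX #9."""
    out, run, in_rlo = [], [], False
    for ch in name:
        if ch == "\u202e":
            in_rlo = True
        elif ch == "\u202c" and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch not in BIDI_CONTROLS:
            (run if in_rlo else out).append(ch)
    out.extend(reversed(run))
    return "".join(out)


def inspect_name(name):
    """Compare the extension the OS acts on (storage order) with the one a user sees."""
    controls = [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()
    shown = rendered_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    verdict = "clean" if not controls else (
        "spoofed-extension" if real_ext != shown_ext else "bidi-control")
    return {"escaped": name.encode("unicode_escape").decode("ascii"), "controls": controls,
            "shown_as": shown, "real_ext": real_ext, "verdict": verdict,
            "executable": real_ext in EXECUTABLE_EXTS}


# Constructed sample names, not taken from a real case.
SAMPLES = ["Annual_report_\u202excod.exe", "notes.txt", "minutes\u202c.pdf"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(inspect_name(s))
```

Logging the `escaped` form rather than the raw name keeps the control character visible in consoles and SIEM views that would otherwise render it.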