>It is probable that this unknown component finds the last modified directory on the USB drive, hides it, and renames itself with the name of this directory, which is done by JackalWorm. We also believe that the component uses a folder icon, to entice the user to run it when the USB drive is inserted in an air-gapped system, which again is done by JackalWorm.
Mac and GNOME do too. I think somehow overlaying that it’s an executable and double-checking if you want to execute from a removable drive might be better techniques than worrying about file extensions, which only help people who know what they’re doing already (in which case it’s common to configure the UI to show those extensions).
No. Colorblindness does not mean that one does not see any colors. There is only a tiny fraction of colorblind people who really cannot see any colors, and even they can still spot different luminances.
Allowing the user to run an executable directly off a USB drive seems like a very bad idea for an air-gapped computer. It's hard to imagine a scenario where this would be necessary.
Copying the "folder" onto the local machine first wouldn't have helped, though. It would still be an executable, and the user would still be enticed to double-click it (because it would still appear to be a folder which the user expected to contain desired files). We could fall back to "allowing the user to use a GUI to select files seems like a very bad idea when they come from the other side of an air gap", but at some point a concession has to be made to usability.
The problems here are to do with how Windows uses and presents file extensions.
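A defender-side check for the pattern in the quoted report (a directory gets hidden and an executable takes its name), added here as an example and not part of the thread or of any tool it mentions. The extension watch list, the function names and the sample drive layout are assumptions; the hidden-attribute test only returns a meaningful answer on Windows, so the demo passes its own predicate.

```python
import os
import tempfile
from pathlib import Path

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows file attribute bit
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}  # assumed watch list


def windows_hidden(path: Path) -> bool:
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_folder_masquerades(root, is_hidden=windows_hidden):
    """Return (executable, directory, directory_is_hidden) for every executable
    whose name, minus extension, equals a sibling directory's name."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        by_name = {d.casefold(): d for d in dirnames}
        for fname in filenames:
            stem, ext = os.path.splitext(fname)
            if ext.lower() not in EXECUTABLE_EXTS:
                continue
            match = by_name.get(stem.casefold())
            if match is not None:
                directory = Path(dirpath, match)
                findings.append((Path(dirpath, fname), directory, is_hidden(directory)))
    return findings


def demo():
    """Build a constructed drive layout in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Reports").mkdir()
        (root / "Reports" / "q3.txt").write_text("constructed sample")
        (root / "Reports.exe").write_bytes(b"MZ")  # stand-in, not a real binary
        (root / "Photos").mkdir()
        (root / "setup.exe").write_bytes(b"MZ")  # no matching directory
        hits = find_folder_masquerades(root, is_hidden=lambda p: p.name == "Reports")
        return [(exe.name, d.name, hidden) for exe, d, hidden in hits]


if __name__ == "__main__":
    for exe, directory, hidden in demo():
        print(f"{exe} shadows directory {directory!r} (hidden={hidden})")
```

A name match alone is worth reviewing; a match where the directory is also hidden is the stronger signal, since that is the combination the report describes.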