The operating system sees the app bundle as an unsupported directory type, so, as the default action, the “open” command is used to execute the malicious app. Otherwise, if the extension is .doc without special characters, Microsoft Word is called to open the app bundle as a document; but since it is not a valid document, Word fails to open it.
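A defensive check for the behaviour described above, as an added example that is not from the original article: it walks a folder and reports directories that have an app-bundle layout (`Contents/Info.plist` plus a non-empty `Contents/MacOS`) but do not carry a bundle extension, naming any non-alphanumeric characters found in the extension. The list of bundle extensions, the sample tree and the middle-dot character are assumptions constructed for illustration.

```python
import os
import tempfile
import unicodedata

# Extensions macOS legitimately treats as bundles (partial list, an assumption).
KNOWN_BUNDLE_EXTS = {".app", ".framework", ".bundle", ".plugin", ".kext", ".appex", ".xpc"}

def has_bundle_layout(path):
    """True if the directory has the standard app-bundle layout."""
    contents = os.path.join(path, "Contents")
    macos = os.path.join(contents, "MacOS")
    return (os.path.isfile(os.path.join(contents, "Info.plist"))
            and os.path.isdir(macos) and bool(os.listdir(macos)))

def odd_chars(ext):
    """Characters in the extension that are not plain ASCII letters or digits."""
    return [c for c in ext[1:] if not (c.isascii() and c.isalnum())]

def find_disguised_bundles(root):
    """Return sorted (name, [odd character names]) for bundles without a bundle extension."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1]
            if ext.lower() in KNOWN_BUNDLE_EXTS or not has_bundle_layout(full):
                continue
            dirnames.remove(name)  # do not descend into the flagged bundle
            labels = [unicodedata.name(c, "U+%04X" % ord(c)) for c in odd_chars(ext)]
            findings.append((name, labels))
    return sorted(findings)

def make_sample(root):
    """Constructed test tree: two disguised bundles, one real app, one plain folder."""
    for name in ("Invoice.doc\u00b7", "Notes.doc", "Real.app"):
        macos = os.path.join(root, name, "Contents", "MacOS")
        os.makedirs(macos)
        open(os.path.join(macos, "run"), "w").close()
        open(os.path.join(root, name, "Contents", "Info.plist"), "w").close()
    os.makedirs(os.path.join(root, "plain_dir"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for name, labels in find_disguised_bundles(tmp):
            print(repr(name), labels or "plain extension")
```

A finding with an empty character list corresponds to the plain `.doc` case, where the directory is still a bundle presented as a document.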
Read full article on HackRead