Digita Security

11.30.2017 (Version 2097)

XProtect_OSX_HiddenLotus_A

Also Known As: OSX/OceanLotus

OSX/HiddenLotus is a malware dropper/application bundle that uses a novel technique to masquerade as a '.pdf': the 'd' in the extension is actually an encoded Roman numeral. Because the extension is not a true '.pdf', the PDF handler is not invoked; macOS instead falls back to the bundle structure and launches it as an application when the user double-clicks it [1].
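As an added defender-side example (not Digita's code and not part of the original signature), the following Python flags file or bundle names whose extension contains non-ASCII characters that Unicode compatibility normalization folds to a document extension such as 'pdf'. The sample name is constructed, and the assumption that the Roman-numeral lookalike is U+217E is taken from the referenced write-up.

```python
import os
import unicodedata
from pathlib import PurePath

# Extensions a user expects to open in a viewer, never as an application.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "txt", "rtf", "jpg", "png"}

# Constructed sample in the HiddenLotus style: the final 'd' of '.pdf' is
# U+217E SMALL ROMAN NUMERAL FIVE HUNDRED (assumed from the write-up), so
# the name is not a real '.pdf' as far as Launch Services is concerned.
HIDDEN_LOTUS_STYLE_NAME = "Invoice (HAEDC).p\u217Ef"


def confusable_extension(filename: str):
    """Return (raw_ext, folded_ext) when the extension holds non-ASCII
    characters that NFKC-fold to a known document extension, else None."""
    raw_ext = PurePath(filename).suffix.lstrip(".")
    if not raw_ext or raw_ext.isascii():
        return None
    # NFKC maps compatibility characters such as U+217E to plain 'd'.
    folded = unicodedata.normalize("NFKC", raw_ext).lower()
    if folded in DOCUMENT_EXTENSIONS:
        return raw_ext, folded
    return None


def describe(raw_ext: str):
    """Name each code point so an analyst can see the substituted character."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in raw_ext]


def scan(filenames):
    """Return (name, raw_ext, folded_ext, code point names) for each hit."""
    findings = []
    for name in filenames:
        hit = confusable_extension(name)
        if hit:
            findings.append((name, hit[0], hit[1], describe(hit[0])))
    return findings


def is_masquerading_bundle(path: str) -> bool:
    """True when a directory with a confusable document extension also has
    the Contents/MacOS layout macOS would launch as an application."""
    return (
        os.path.isdir(path)
        and confusable_extension(os.path.basename(path)) is not None
        and os.path.isdir(os.path.join(path, "Contents", "MacOS"))
    )
```

On a live system, feed `scan` the entries of a Downloads or mail-attachments folder and call `is_masquerading_bundle` on each hit to confirm the bundle structure before alerting.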

References:
  1. https://blog.malwarebytes.com/threat-analysis/2017/12/interesting-disguise-employed-by-new-mac-malware

Sample Hashes (VT links):
f261815905e77eebdb5c4ec06a7acdda7b68644b1f5155049f133be866d8b179