The .txt extension is a lie. The file is actually an executable (.exe, .scr, .com) with a double extension trick: password.txt.exe (with ".exe" hidden by Windows default settings). When you click it, instead of opening Notepad, you run a password-stealing trojan.
What it does:
The file may actually look like a text file, but it exploits a vulnerability in your text editor or viewer. Modern variants use Unicode control characters to reverse the extension (e.g., passpwd.exe displays as password.txt). Password.txt File Download
Once opened, it drops ransomware, a keylogger, or a remote access trojan (RAT) onto your machine. But really, don't
Even in legitimate scenarios, keeping passwords in a plaintext file named password.txt on your desktop is a catastrophic practice. Malware specifically hunts for files with these keywords. So does anyone with physical access to your machine. don't. Use a password manager (Bitwarden
If you absolutely must use a plaintext file for temporary password storage:
But really, don't. Use a password manager (Bitwarden, 1Password, KeePass) instead.