If using repacks for legal backups, only use those from well-known, community-vetted sources who never hide passwords behind "survey" files or "password.txt" links in random directories.
A common tactic used by malicious actors is to host a file named password.txt.exe or a .txt file that contains a link to a "verification" site. These sites often force users to download "tools" or complete "surveys" that install adware, miners, or info-stealers on the victim's machine. 2. Honeypots and Traps index of password txt repack