New Mac malware disguised with right-to-left encoding trick

F-Secure is reporting that some new malware attempts on OS X are using a spoofing technique to disguise malicious installations as standard files. The technique involves using a special Unicode character in file names that makes an application appear to be a standard document file.

While applications can be renamed with “.doc” or “.pdf” extensions in the OS X Finder, the system will append the “.app” extension, showing that only the name has been altered and that the file is still recognized as a program. This will happen even if you have the Finder set to hide file extensions.

Of course, you can use the Terminal and some other services to change the name from “.app” to “.doc” or something else; however, doing so will break the functionality of the application package and make it appear as a standard folder.
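
A defensive check for the file-name trick described above, as an added example that is not from F-Secure or the original article: it flags names containing Unicode bidirectional control characters and reports the extension as it is actually stored. The article does not name the code point, so the character set below (which includes U+202E RIGHT-TO-LEFT OVERRIDE) and the sample names are assumptions constructed for illustration.

```python
import os
import unicodedata

# Unicode bidirectional formatting characters. Any of these in a file name
# can make the displayed order differ from the stored (logical) order.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"  # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"        # LRI, RLI, FSI, PDI
    "\u200e\u200f\u061c"              # LRM, RLM, ALM
)


def bidi_controls(name):
    """Return (index, 'U+XXXX NAME') for each bidi control in a file name."""
    return [(i, f"U+{ord(c):04X} {unicodedata.name(c)}")
            for i, c in enumerate(name) if c in BIDI_CONTROLS]


def escape_name(name):
    """Show the name in stored order with the invisible controls made visible."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c
                   for c in name)


def audit(names):
    """Flag names containing bidi controls and report the stored extension."""
    findings = []
    for name in names:
        hits = bidi_controls(name)
        if hits:
            findings.append({
                "escaped": escape_name(name),
                # splitext works on the stored order, so it sees the real suffix
                "stored_extension": os.path.splitext(name)[1].lower(),
                "controls": [label for _, label in hits],
            })
    return findings


# Constructed sample listing: two ordinary names, one name carrying an
# override character, and one legitimate Hebrew name with no controls.
SAMPLE = ["Invoice.pdf", "Notes.app", "Report\u202efdp.app",
          "\u05e9\u05dc\u05d5\u05dd.txt"]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Legitimate right-to-left text, such as the Hebrew sample, is not flagged because it contains no explicit control characters; only the embedded override is reported.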