New Mac malware disguised with right-to-left encoding trick

By ISBuzz Team
Writer, Information Security Buzz | Jul 16, 2013 01:11 am PST

F-Secure is reporting that some new malware targeting OS X uses a spoofing technique to disguise malicious installations as standard files. The technique relies on a special Unicode character in the file name that makes an application appear to be a standard document file.

While applications can be renamed with “.doc” or “.pdf” extensions in the OS X Finder, the system will append the “.app” extension, showing that only the name has been altered and that the file is still recognized as a program. This will happen even if you have the Finder set to hide file extensions.

Of course, you can use the Terminal and some other services to change the name from “.app” to “.doc” or something else; however, doing so will break the functionality of the application package and make it appear as a standard folder.
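A defender-side check for the spoofing technique described above, as an added example that is not part of the original article or of F-Secure's report: it flags file and bundle names that contain Unicode bidirectional control characters and compares the real extension with the one the name appears to end in. The article does not name the character; U+202E (RIGHT-TO-LEFT OVERRIDE) and the sample name are assumptions, and `approx_display` is a simplified model of how such a name renders.

```python
import os
import unicodedata

# Unicode bidirectional formatting controls that can reorder displayed text.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e"       # LRE RLE PDF LRO RLO
                    "\u2066\u2067\u2068\u2069\u200e\u200f\u061c")
RLO, PDF = "\u202e", "\u202c"
SAMPLE = "Report.\u202efdp.app"  # constructed name, not taken from the report


def approx_display(name):
    """Approximate rendering: text after U+202E is shown reversed until
    U+202C or the end of the name (one non-nested override only)."""
    out, run, reversing = [], [], False
    for ch in name:
        if ch == RLO and not reversing:
            reversing = True
        elif ch == PDF and reversing:
            out.extend(reversed(run))
            run, reversing = [], False
        else:
            (run if reversing else out).append(ch)
    out.extend(reversed(run))
    return "".join(out)


def inspect_name(name):
    """Return None for a clean name, else a dict describing the finding."""
    found = [c for c in name if c in BIDI_CONTROLS]
    if not found:
        return None
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "controls": [unicodedata.name(c) for c in found],
        "real_ext": os.path.splitext(name)[1].lower(),
        "shown_ext": os.path.splitext(approx_display(name))[1].lower(),
    }


def scan(root):
    """Walk a tree; .app bundles are directories, so check those names too."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            finding = inspect_name(name)
            if finding:
                yield os.path.join(dirpath, name), finding


if __name__ == "__main__":
    print(inspect_name(SAMPLE))
```

A finding whose `real_ext` is `.app` while `shown_ext` is a document type is the mismatch worth alerting on; legitimate right-to-left file names can also contain these controls, so treat other hits as review items.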

