!revelC
Miscreants have brewed up an exceptionally sneaky strain of Mac malware that uses back-to-front trickery to disguise its true nature. Janicab, which is written in Python, takes advantage of the right-to-left (RTL) U202E Unicode character to mask the malicious file’s real extension. The U202E marker applies a right-to-left …
Mac users tend not to be as stupid as the flock of Android Sheep, if you read that and still click on the 'yes please fcuk my system please' then tough luck.
The difference between this and Android Malware is that Android Malware gets installed without any interaction or the user knowing about it.
Users of Apple products are generally more literate and educationally more advanced than the average Fandroid and less likely to be conned so easily. Also Apple will most probably withdraw the developer ID, might take a year or two though.
Quite true. This Mac that I'm using has only one problem.
A defective keyboard-chair interface.
Oops, it's not defective, I don't click yes on things that behave strangely. I also don't open documents that I'm not expecting. Or go to strange websites.
Which explains why I'm never on Facebook, one cannot get stranger than that!
> How can this be?! Saint Steve of Jobs, preserve us!
Actually he has.
I think by default, "only install from Apple's app store" is switched on. No amount of clicking will install random stuff from the internet while that's ticked.
I couldn't install (VLC I think it was) until I had gone to "preferences", set it to "install from anywhere," and installed the software. Then I set it back to "app store" only.
... is the explanation for removing the cron jobs (from the article linked in the linked article), where the (certainly competent) technical writer warns that a simple space "could have disastrous consequences".
In other words, if you fail trying to remove the malware, you'll bugger up your system much worse than if you left it alone!
Of course, any command that includes rm in its list of arguments is not to be trifled with!
This means that the alert will show up before we actually execute the app. That is, the OS would show us the alert and we have to click Open to run it? (or nepO?)
If anyone gets a sdrawkcab message and clicks OK, they're asking for it. I'd be more worried about a trojan that wouldn't ask for permission...
You'd need to be full retard to give permission to anything that caused the display of such a message. "Oh, it's written backwards, isn't that clever? I best give it access to my system." Unless you then give it raised permissions via the necessary authentication dialog it will still only have rudimentary user permissions.