!revelC
Malware-flingers do it back-to-front : scaM snaps, spans Macs
Miscreants have brewed up an exceptionally sneaky strain of Mac malware that uses back-to-front trickery to disguise its true nature. Janicab, which is written in Python, takes advantage of the right-to-left (RTL) U202E Unicode character to mask the malicious file’s real extension. The U202E marker applies a right-to-left …
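A defender-side check for the trick the summary describes, as an added example that is not part of the article or of any comment below: it flags filenames carrying invisible direction-control characters and compares the extension the OS acts on with the one a reader sees. The function names and sample filenames are constructed for illustration, and the rendering is an approximation (text after the override is simply reversed).

```python
import os

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the "U202E" character the article names
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends an override run
# Invisible direction controls that have no business in a filename.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def displayed_name(name):
    """Approximate what a bidi-aware file browser draws for this name.

    Assumption: every character after an RLO is laid out right to left
    until a PDF or the end of the string; nested controls are dropped.
    """
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            if end == -1:
                end = len(name)
            run = [c for c in name[i + 1:end] if c not in BIDI_CONTROLS]
            out.append("".join(reversed(run)))
            i = end + 1
        else:
            if name[i] not in BIDI_CONTROLS:
                out.append(name[i])
            i += 1
    return "".join(out)


def inspect(name):
    """Report the controls found, the real extension and the one shown."""
    controls = sorted({"U+%04X" % ord(c) for c in name if c in BIDI_CONTROLS})
    clean = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(clean)[1].lower()
    shown_ext = os.path.splitext(displayed_name(name))[1].lower()
    return {"controls": controls, "real_ext": real_ext, "shown_ext": shown_ext,
            "spoofed": bool(controls) and real_ext != shown_ext}


if __name__ == "__main__":
    # Constructed sample names, not indicators taken from the article.
    for sample in ["RecentNews.\u202efdp.app", "holiday.jpg"]:
        print(repr(sample), displayed_name(sample), inspect(sample))
```

Any hit in `controls` is worth a look on its own; `spoofed` marks the cases where the visible extension and the real one disagree.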
-
Tuesday 16th July 2013 12:12 GMT Anonymous Coward
Mac users tend not to be as stupid as the flock of Android Sheep; if you read that and still click on the 'yes please fcuk my system please' then tough luck.
The difference between this and Android Malware is that Android Malware gets installed without any interaction or the user knowing about it.
Users of Apple products are generally more literate and educationally more advanced than the average Fandroid and less likely to be conned so easily. Also Apple will most probably withdraw the developer ID, might take a year or two though.
-
Wednesday 17th July 2013 03:17 GMT Wzrd1
Re: but Macs don't get viruses
Quite true. This Mac that I'm using has only one problem.
A defective keyboard-chair interface.
Oops, it's not defective, I don't click yes on things that behave strangely. I also don't open documents that I'm not expecting. Or go to strange websites.
Which explains why I'm never on Facebook, one cannot get stranger than that!
-
Wednesday 17th July 2013 03:43 GMT P. Lee
Re: but Macs don't get viruses
> How can this be?! Saint Steve of Jobs, preserve us!
Actually he has.
I think by default, "only install from Apple's app store" is switched on. No amount of clicking will install random stuff from the internet while that's ticked.
I couldn't install (VLC I think it was) until I had gone to "preferences", set it to "install from anywhere" and installed the software. Then I set it back to "app store" only.
-
Tuesday 16th July 2013 11:47 GMT Pascal Monett
What I really like ...
... is the explanations for removing the cron jobs (from the article linked in the linked article), where the (certainly competent) technical writer warns that a simple space "could have disastrous consequences".
In other words, if you fail trying to remove the malware, you'll bugger up your system much worse than if you left it alone!
Of course, any command that includes rm in its list of arguments is not to be trifled with!
-
Tuesday 16th July 2013 18:33 GMT Daniel B.
But then...
This means that the alert will show up before we actually execute the app. That is, the OS would show us the alert and we have to click Open to run it? (or nepO?)
If anyone gets a sdrawkcab message and clicks OK, they're asking for it. I'd be more worried about a trojan that wouldn't ask for permission...
-
Wednesday 17th July 2013 00:54 GMT Mark 65
FFS
You'd need to be full retard to give permission to anything that caused the display of such a message. "Oh, it's written backwards, isn't that clever? I best give it access to my system." Unless you then give it raised permissions via the necessary authentication dialog it will still only have rudimentary user permissions.
-