Tuesday, July 16, 2013

Published 9:40 AM by

New Mac malware uses a trick with file names

      Finnish antivirus vendor F-Secure reports the detection of new malicious code for Mac OS X that installs itself in the operating system disguised as a standard file. The malware uses special Unicode characters in its file name, so that it is visually displayed in the system as an ordinary document file.

      In Windows, the system relies only on the file extension to determine the file type, so changing the extension to .doc or .pdf is enough to associate the code with the corresponding type of application. In Mac OS X this trick does not work: the Finder determines file types not by the extension but by the initial sequence of the file's structure. However, the trick with special Unicode characters can fool this approach as well.

      Technically, the true nature of the file can be seen in the Mac OS X Terminal, but 99% of Mac users do not use it to navigate the file system. To deceive those same 99% of users, the attackers added the Unicode character U+202E, the so-called RLO (right-to-left override), to the file name and reliably hid the true .app application extension, replacing it with something more innocuous, such as .doc or .rtf. As a result, the OS shows the file to the user as a text document or PDF, but it has not lost its malicious binary nature.
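An added example, not from F-Secure or the original post: a Python check that flags file names containing Unicode bidirectional control characters such as U+202E and compares the real extension with the one a GUI would appear to show. The sample names and the single-RLO display approximation are assumptions made for illustration.

```python
import os
import unicodedata

# Bidirectional formatting characters that change the drawing order of a name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character named in the article


def displayed_form(name):
    """Approximate what a GUI draws: text after the first RLO appears reversed.

    Simplification (assumption): a single RLO and no nested controls.
    """
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def inspect_name(name):
    """Return a finding dict if the name carries bidi controls, else None."""
    found = sorted({ch for ch in name if ch in BIDI_CONTROLS})
    if not found:
        return None
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(displayed_form(name))[1].lower()
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "controls": [unicodedata.name(ch) for ch in found],
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "ext_mismatch": real_ext != shown_ext,
    }


def scan_tree(root):
    """Walk root and inspect directory names too, since .app bundles are directories."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            result = inspect_name(name)
            if result:
                findings.append((os.path.join(dirpath, name), result))
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from the F-Secure report.
    for sample in ["Invoice.rtf", "Report\u202efdp.app"]:
        print(repr(sample), "->", inspect_name(sample))
```

The `escaped` field prints the name with the control character spelled out, which is the same information the Terminal reveals and the Finder hides.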

      F-Secure says the new method is quite original and that it has already submitted the new data to Apple so that the developer of Mac OS can put appropriate protection mechanisms in place. The company says that the Gatekeeper system built into Mac OS can partially help against this attack. According to F-Secure, the file contains the malware Backdoor:Python/Janicab.A, which provides access to the user's computer in order to install other malicious programs.