F-Secure:The objective here is not as convoluted as the one described in Kreb’s post. Here it’s simply to hide the real extension. The malware could have just used “Recent New.pdf.app”. However OS X has already considered this and displays the real extension as a precaution.[…]However, because of the RLO character, the usual file quarantine notification … Continue reading Signed Mac Malware Using Right-to-Left Override Trick