Tuesday, July 16, 2013

Signed Mac Malware Using Right-to-Left Override Trick

F-Secure:

The objective here is not as convoluted as the one described in Krebs’s post. Here it’s simply to hide the real extension. The malware could have just used “Recent New.pdf.app”. However, OS X has already considered this and displays the real extension as a precaution.

[…]

However, because of the RLO character, the usual file quarantine notification from OS X will be backwards just like the Krebs case.
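
A defender-side check for the trick quoted above, added here as an example (it is not code from F-Secure or from this post): it flags filenames that contain Unicode bidirectional control characters and reports the extension the system actually sees. The sample names are constructed, and `approx_display` is a simplified rendering that assumes a single RLO running to the end of the name.

```python
import unicodedata
from pathlib import PurePosixPath

# Unicode bidirectional controls that can reorder how a name is displayed.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",                      # LRM RLM ALM
}
RLO = "\u202e"

def approx_display(name):
    """Roughly what a bidi-aware UI shows: text after an RLO is reversed.
    Simplification: one RLO, no terminating PDF, left-to-right base text."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name

def inspect_filename(name):
    """Return a finding dict if the name contains bidi controls, else None."""
    hits = [(i, unicodedata.name(c, hex(ord(c))))
            for i, c in enumerate(name) if c in BIDI_CONTROLS]
    if not hits:
        return None
    # Strip the invisible controls before taking the suffix, so the reported
    # extension is the one the operating system acts on.
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "controls": hits,
        "real_extension": PurePosixPath(logical).suffix,
        "approx_display": approx_display(name),
    }

def scan(names):
    """Inspect many names; return only the suspicious ones."""
    return [f for f in map(inspect_filename, names) if f is not None]

# Constructed samples: a plain double extension and an RLO-disguised bundle.
SAMPLE_NAMES = ["Recent New.pdf.app", "Recent New.\u202efdp.app", "notes.txt"]

if __name__ == "__main__":
    for finding in scan(SAMPLE_NAMES):
        print(finding)
```

Logging the `escaped` form rather than the raw name keeps the alert itself from being rendered backwards in a terminal or ticket.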

1 Comment

"Problem" reported to Apple in August 2011.
