
Malware-flingers do it back-to-front: scaM snaps, spans Macs

Miscreants have brewed up an exceptionally sneaky strain of Mac malware that uses back-to-front trickery to disguise its true nature. Janicab, which is written in Python, takes advantage of the right-to-left (RTL) override character, Unicode U+202E, to mask the malicious file’s real extension. The U+202E marker applies a right-to-left …
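A defender can flag this trick by checking file names for bidirectional control characters and comparing the extension the system acts on with the one a user would see. The sketch below is an added example, not code from the article or from the malware. The function names and sample file names are constructed for illustration, and the display rendering is a deliberate simplification of the Unicode bidi algorithm.

```python
import os
import unicodedata

# Bidirectional formatting controls that can change the displayed order of a name.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
RLO, PDF = "\u202e", "\u202c"


def approximate_display(name):
    """Rough rendering: text after U+202E is drawn reversed until U+202C or the end.
    This is a simplification of the Unicode bidi algorithm, good enough for triage."""
    shown, run, overriding = [], [], False
    for ch in name:
        if ch == RLO:
            overriding = True
        elif ch == PDF and overriding:
            shown.extend(reversed(run))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue
        elif overriding:
            run.append(ch)
        else:
            shown.append(ch)
    shown.extend(reversed(run))
    return "".join(shown)


def inspect_filename(name):
    """Return a finding dict if the name carries bidi controls, else None."""
    found = [c for c in name if c in BIDI_CONTROLS]
    if not found:
        return None
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(logical)[1].lower()
    shown_ext = os.path.splitext(approximate_display(name))[1].lower()
    return {
        "controls": [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in found],
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "extension_spoofed": real_ext != shown_ext,
    }


# Constructed sample names, not taken from the article or from any real sample.
SAMPLES = ["report.pdf", "invoice\u202efdp.app"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), inspect_filename(s))
```

Any name that returns a finding deserves a look; `extension_spoofed` marks the cases where the visible extension differs from the one the operating system will use.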

COMMENTS

This topic is closed for new posts.
Anonymous Coward

!revelC

3
0
Anonymous Coward

Mac users tend not to be as stupid as the flock of Android Sheep, if you read that and still click on the 'yes please fcuk my system please' then tough luck.

The difference between this and Android Malware is that Android Malware gets installed without any interaction or the user knowing about it.

Users of Apple products are generally more literate and educationally more advanced than the average Fandroid and less likely to be conned so easily. Also Apple will most probably withdraw the developer ID, might take a year or two though.

2
12
Paris Hilton

"Users of Apple products are generally more literate and educationally more advanced..."

Reminds me of Posh Spice as a user of enhanced breasts;

Paris as a user of the ontological argument.

Such literacy. Such educational advancification. Such lovely, smooth shiny curves.

5
0
Thumb Up

'Users of Apple products are generally more literate and educationally more advanced than the average Fandroid and less likely to be conned so easily'

Trolling of the first order, well done sir !

Not sure what the Android connection is or is there a version of this trojan out for IOS ?

4
0
Anonymous Coward

but Macs don't get viruses

How can this be?! Saint Steve of Jobs, preserve us!

11
3
Anonymous Coward

Re: but Macs don't get viruses

Over 1,700 vulnerabilities in OS-X and counting. That's worse than pretty much anything bar a Linux distribution...

3
6
Linux

Re: but Macs don't get viruses

Eadon? Eadon? Is that you?

1
1
Bronze badge

Re: but Macs don't get viruses

I think this qualifies as a trojan. (And you even get warned what it is)

3
0
Gimp

Re: but Macs don't get viruses

Yeah, I was brainwashed to believe they were faultless.

El Reg must be lying about there being a problem with Macs

1
1
Bronze badge

Re: but Macs don't get viruses

Quite true. This Mac that I'm using has only one problem.

A defective keyboard-chair interface.

Oops, it's not defective, I don't click yes on things that behave strangely. I also don't open documents that I'm not expecting. Or go to strange websites.

Which explains why I'm never on Facebook, one cannot get stranger than that!

0
0
Silver badge
Angel

Re: but Macs don't get viruses

> How can this be?! Saint Steve of Jobs, preserve us!

Actually he has.

I think by default, "only install from Apple's app store" is switched on. No amount of clicking will install random stuff from the internet while that's ticked.

I couldn't install (VLC I think it was) until I had gone to "preferences" and set it to "install from anywhere," installed the software. Then I set it back to "app store" only.

1
0
Coat

!sdratsab ykaens ehT

I'll get me coat!

Mine's the one that's on back to front of course!

3
0
Silver badge

What I really like ...

... is the explanations for removing the cron jobs (from the article linked in the linked article), where the (certainly competent) technical writer warns that a simple space "could have disastrous consequences".

In other words, if you fail trying to remove the malware, you'll bugger up your system much worse than if you left it alone !

Of course, any command that includes rm in its list of arguments is not to be trifled with !

3
0

OK mes enfants

please forego the usual snidery and advise us poor benighted fanfolk how to react short of switching to mi ... mmmm mmkks... ... sorry I can not even say the m word without rising nausea but you know what I mean.

1
0
Bronze badge
Headmaster

I thought it was pretty obvious...

When the computer backwards-asks you if you want to run a program, click the "No" button.

5
0

Re: I thought it was pretty obvious...

You mean the "on" button? :p

1
0
Bronze badge

Re: OK mes enfants

The answer is obvious! Switch to *BSD.

0
0
Silver badge
Boffin

But then...

This means that the alert will show up before we actually execute the app. That is, the OS would show us the alert and we have to click Open to run it? (or nepO?)

If anyone gets a sdrawkcab message and clicks OK, they're asking for it. I'd be more worried on a trojan that wouldn't ask for permission...

0
0
Silver badge

FFS

You'd need to be full retard to give permission to anything that caused the display of such a message. "Oh, it's written backwards, isn't that clever? I best give it access to my system." Unless you then give it raised permissions via the necessary authentication dialog it will still only have rudimentary user permissions.

0
0
Bronze badge

One thought though, it most certainly won't trouble Arabic readers. :)

0
0