Malware-flingers do it back-to-front: scaM snaps, spans Macs

Miscreants have brewed up an exceptionally sneaky strain of Mac malware that uses back-to-front trickery to disguise its true nature. Janicab, which is written in Python, takes advantage of the right-to-left (RTL) U+202E Unicode character to mask the malicious file’s real extension. The U+202E marker applies a right-to-left …
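A defender can catch this kind of disguise by inspecting the stored character order of a file name instead of how it is rendered. The sketch below is an added example, not code from the article or from the malware; the sample names are constructed for illustration.

```python
import os
import unicodedata

# Bidirectional formatting characters that change how a name is displayed
# without changing the order in which it is stored.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}

def inspect_name(name):
    """Return a finding dict if the name contains bidi controls, else None."""
    hits = [(i, unicodedata.name(ch)) for i, ch in enumerate(name)
            if ch in BIDI_CONTROLS]
    if not hits:
        return None
    # The extension is taken from the stored (logical) order, which is what
    # the file system holds, not from the visually reordered string.
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "controls": hits,
        "real_extension": os.path.splitext(name)[1].lower(),
        "name_without_controls": "".join(
            ch for ch in name if ch not in BIDI_CONTROLS),
    }

def scan(names):
    """Map each suspicious name to its finding; clean names are omitted."""
    findings = {}
    for name in names:
        finding = inspect_name(name)
        if finding is not None:
            findings[name] = finding
    return findings

# Constructed sample names (not taken from the malware in the article).
SAMPLES = [
    "report.pdf",
    "invoice_\u202efdp.app",         # renders roughly as "invoice_ppa.pdf"
    "notes_\u202etxt.py",            # renders roughly as "notes_yp.txt"
    "\u0633\u0644\u0627\u0645.txt",  # genuine Arabic text, no control characters
]

if __name__ == "__main__":
    for finding in scan(SAMPLES).values():
        print(finding["escaped"], "->", finding["real_extension"],
              finding["controls"])
```

Genuine right-to-left text passes untouched because the check keys on the formatting control characters, not on the script of the letters.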

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    !revelC

    1. Anonymous Coward
      Anonymous Coward

      Mac users tend not to be as stupid as the flock of Android Sheep, if you read that and still click on the 'yes please fcuk my system please' then tough luck.

      The difference between this and Android Malware is that Android Malware gets installed without any interaction or the user knowing about it.

      Users of Apple products are generally more literate and educationally more advanced than the average Fandroid and less likely to be conned so easily. Also Apple will most probably withdraw the developer ID, might take a year or two though.

      1. SmarterThanTheAverageBear
        Paris Hilton

        "Users of Apple products are generally more literate and educationally more advanced..."

        Reminds me of Posh Spice as a user of enhanced breasts;

        Paris as a user of the ontological argument.

        Such literacy. Such educational advancification. Such lovely, smooth shiny curves.

      2. Graham Lockley
        Thumb Up

        'Users of Apple products are generally more literate and educationally more advanced than the average Fandroid and less likely to be conned so easily'

        Trolling of the first order, well done sir !

        Not sure what the Android connection is or is there a version of this trojan out for IOS ?

  2. Anonymous Coward
    Anonymous Coward

    but Macs don't get viruses

    How can this be?! Saint Steve of Jobs, preserve us!

    1. Anonymous Coward
      Anonymous Coward

      Re: but Macs don't get viruses

      Over 1,700 vulnerabilities in OS-X and counting. That's worse than pretty much anything bar a Linux distribution...

      1. proto-robbie
        Linux

        Re: but Macs don't get viruses

        Eadon? Eadon? Is that you?

    2. Jess

      Re: but Macs don't get viruses

      I think this qualifies as a trojan. (And you even get warned what it is)

    3. Lockwood
      Gimp

      Re: but Macs don't get viruses

      Yeah, I was brainwashed to believe they were faultless.

      El Reg must be lying about there being a problem with Macs

      1. Wzrd1 Silver badge

        Re: but Macs don't get viruses

        Quite true. This Mac that I'm using has only one problem.

        A defective keyboard-chair interface.

        Oops, it's not defective, I don't click yes on things that behave strangely. I also don't open documents that I'm not expecting. Or go to strange websites.

        Which explains why I'm never on Facebook, one cannot get stranger than that!

    4. P. Lee
      Angel

      Re: but Macs don't get viruses

      > How can this be?! Saint Steve of Jobs, preserve us!

      Actually he has.

      I think by default, "only install from Apple's app store" is switched on. No amount of clicking will install random stuff from the internet while that's ticked.

      I couldn't install (VLC I think it was) until I had gone to "preferences" and set it to "install from anywhere," installed the software. Then I set it back to "app store" only.

  3. LinkOfHyrule
    Coat

    !sdratsab ykaens ehT

    I'll get me coat!

    Mine's the one that's on back to front of course!

  4. Pascal Monett Silver badge

    What I really like ...

    ... is the explanations for removing the cron jobs (from the article linked in the linked article), where the (certainly competent) technical writer warns that a simple space "could have disastrous consequences".

    In other words, if you fail trying to remove the malware, you'll bugger up your system much worse than if you left it alone !

    Of course, any command that includes rm in its list of arguments is not to be trifled with !

  5. FanMan

    OK mes enfants

    please forego the usual snidery and advise us poor benighted fanfolk how to react short of switching to mi ... mmmm mmkks... ... sorry I can not even say the m word without rising nausea but you know what I mean.

    1. User McUser
      Headmaster

      I thought it was pretty obvious...

      When the computer backwards-asks you if you want to run a program, click the "No" button.

      1. Sebastian A

        Re: I thought it was pretty obvious...

        You mean the "on" button? :p

    2. Wzrd1 Silver badge

      Re: OK mes enfants

      The answer is obvious! Switch to *BSD.

  6. Daniel B.
    Boffin

    But then...

    This means that the alert will show up before we actually execute the app. That is, the OS would show us the alert and we have to click Open to run it? (or nepO?)

    If anyone gets a sdrawkcab message and clicks OK, they're asking for it. I'd be more worried on a trojan that wouldn't ask for permission...

  7. Mark 65

    FFS

    You'd need to be full retard to give permission to anything that caused the display of such a message. "Oh, it's written backwards, isn't that clever? I best give it access to my system." Unless you then give it raised permissions via the necessary authentication dialog it will still only have rudimentary user permissions.

  8. Wzrd1 Silver badge

    One thought though, it most certainly won't trouble Arabic readers. :)
