A new piece of digitally signed spyware for Mac OS X uses a special Unicode character in its file name to hide its real file extension from users and trick them into installing it.
The malware, which has been dubbed Janicab.A, is written in Python and is packaged as a stand-alone Mac application using the py2app utility, researchers from security firm F-Secure said Monday in a blog post.
It is distributed as a file called “RecentNews.?fdp.app” where the “?” is actually the right-to-left override (RLO) character known as U+202E in the Unicode encoding standard.
Unicode supports characters from most languages, including those written from right to left like Arabic and Hebrew. The special RLO character tells software that the text following it should be displayed from right to left.
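As an added illustration (not code from F-Secure or from the malware), the following Python sketch shows how a defender could flag file names that contain bidirectional control characters such as U+202E and report the extension the operating system will actually act on. The function names, the list of checked characters and the simplified display approximation are assumptions made for this example; the sample name is constructed from the file name described above.

```python
import os
import unicodedata

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}

# Constructed sample: the file name from the article with a real U+202E in it.
SAMPLE = "RecentNews.\u202efdp.app"


def inspect_name(name):
    """Report bidi controls in a file name and the extension as stored on disk."""
    controls = [
        (i, "U+%04X" % ord(ch), unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(name)
        if ch in BIDI_CONTROLS
    ]
    return {
        "suspicious": bool(controls),
        "controls": controls,
        # splitext works on the logical (stored) order, not the displayed order.
        "real_extension": os.path.splitext(name)[1],
        # ASCII-safe form for logs, so the control character stays visible.
        "escaped": name.encode("unicode_escape").decode("ascii"),
    }


def approx_display(name):
    """Simplified rendering: reverse everything after a single RLO.

    Assumption: one U+202E and plain ASCII text; a full implementation
    would follow the Unicode Bidirectional Algorithm (UAX #9).
    """
    head, rlo, tail = name.partition("\u202e")
    return head + tail[::-1] if rlo else name


if __name__ == "__main__":
    report = inspect_name(SAMPLE)
    print("stored name   :", report["escaped"])
    print("shown roughly :", approx_display(SAMPLE))
    print("real extension:", report["real_extension"])
    print("bidi controls :", report["controls"])
```

Logging the escaped form rather than the raw name keeps the override character visible in terminals and SIEM views that would otherwise render it.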