Friday, July 26, 2013

Signed Mac Malware Using Right-to-Left Override Trick

"Right-to-left override (RLO) is a special character used in a bi-directional text encoding system to mark the start of text that is to be displayed from right to left. It is commonly used by Windows malware such as Bredolab and the high-profile Mahdi trojan from last year to hide the real extension of executable files. Check out this Krebs on Security post for more details on the trick."

I would hope there will be some OS X update to turn off Unicode for filenames for systems that don't typically need it, or that perhaps checks for .app used in this way.
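A filename check along those lines, as an added example that is not part of the original post or of any OS X feature: it flags names containing bidirectional control characters and compares the extension the system sees with the one a user would read. The extension list, the function names, and the sample names are assumptions made for the example, and the display logic only approximates RLO handling.

```python
# Added example: flag file names whose bidi controls mask an executable extension.
RLO, PDF = "\u202e", "\u202c"
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", PDF: "PDF", "\u202d": "LRO", RLO: "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
# Assumption: extensions this example treats as executable; adjust per platform.
EXECUTABLE_EXTS = {"app", "exe", "scr", "com", "pif", "bat", "cmd"}


def extension(name):
    """Text after the last dot, lower-cased, with bidi controls stripped."""
    _, dot, ext = name.rpartition(".")
    return "".join(c for c in ext if c not in BIDI_CONTROLS).lower() if dot else ""


def naive_display(name):
    """Approximate what a user sees: reverse each run that follows an RLO.
    Handles only RLO/PDF; the full Unicode bidi algorithm is not implemented."""
    out, run, overriding = [], [], False
    for ch in name:
        if ch in (RLO, PDF):
            out.extend(reversed(run) if overriding else run)
            run, overriding = [], ch == RLO
        elif ch not in BIDI_CONTROLS:
            run.append(ch)
    out.extend(reversed(run) if overriding else run)
    return "".join(out)


def inspect_name(name):
    """Return a finding dict for names containing bidi controls, else None."""
    controls = sorted({BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS})
    if not controls:
        return None
    shown = naive_display(name)
    real_ext, shown_ext = extension(name), extension(shown)
    return {
        "controls": controls, "displayed_as": shown,
        "real_ext": real_ext, "shown_ext": shown_ext,
        # Real extension is executable but the rendered name shows another one.
        "masked_executable": real_ext in EXECUTABLE_EXTS and real_ext != shown_ext,
    }


if __name__ == "__main__":
    # Constructed sample names, not taken from any real sample.
    for n in ["report.pdf", "invoice\u202efdp.app", "\u05e9\u05dc\u05d5\u05dd\u200f.txt"]:
        print(repr(n), "->", inspect_name(n))
```

The third sample is a Hebrew name carrying a right-to-left mark; it is reported as containing a control character but not as a masked executable.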
