Close

  • Newly Discovered Mac OS X Malware Spoofs Apps By Using Standard File Extensions

    Results 1 to 1 of 1
    1. 15th July 2013 #1
      evilsatan
      evilsatan is offline
      DF Super Moderator
      evilsatan's Avatar
      Join Date
      Jul 2004
      Location
      Essex
      Posts
      20,081
      Thanks
      1,105
      Thanked:        3,242
      Karma Level
      1542

      Info Newly Discovered Mac OS X Malware Spoofs Apps By Using Standard File Extensions

      A new OS X malware uses standard extensions such as .pdf and .doc to disguise malicious files as basic, harmless subjects. Discovered by F-Secure, the spoof technique uses a special Unicode character found in file names that gives an app the appearance of a standard document file, and although the threat level is quite low at this point, any malware and outbreak should be treated with a dose of respect and vigilance.

      OS X has long since been regarded as a safe haven, free from the malware and Trojan attacks that have plagued the Windows operating system over the years. However, Apple’s claim on its website that Macs weren’t susceptible to such problems had to be hastily removed in light of last year’s Flashback Trojan outbreak, and incidentally enough, F-Secure was at the heart of the clean-up job back then.



      The new malware can, F-Secure has noted, open up disguised as a PDF document before creating a "cron" entry, capable of automatically launching Python scripts that in turn will try to connect to remote servers. When a successful connection to these servers is made, it the malware will attempt to upload screenshots and audio snippets that can, as you would imagine, be used for unscrupulous ends.

      The chances of falling foul of this method would seem small indeed, particularly for those running the Gatekeeper feature which only authorizes the running of App Store-sourced apps. With that said, F-Secure has suggested that the spoofing technique has been found in malware signed with a valid Apple developer ID, so it’s certainly not something to be taken with a pinch of salt.



      As Gatekeeper revokes the Apple developer ID in question, Gatekeeper will flag the program as having issues. So long as Apple stays on top of this, Gatekeeper should do as it purports in offering adequate protection against infiltration. By heading over to the Security & Privacy system preferences with OS X and setting Gatekeeper to only allow programs from the Mac App Store you can take a more proactive stance and stave off any potential threat from ‘legitimate’ Apple Developer IDs.



      Although not on the scale of Flashback, the new malware, which F-Secure has dubbed Backdoor:Python/Janicab.A, serves as a reminder that no platform is entirely safe, and that everybody should remain cautious when using any kind of software.
      (Source: F-Secure)

      Source
      Last edited by evilsatan; 16th July 2013 at 02:55 PM.

      Reply With Quote Reply With Quote
    « Previous Thread | Next Thread »

    Similar Threads

    1. gta3 save file 4 u all (pc)
      By neilmachin in forum PC Gaming
      Replies: 6
      Last Post: 14th January 2003, 01:52 PM
    2. Wicked Flash File
      By Pegasus in forum The Dog and Duck
      Replies: 11
      Last Post: 13th November 2002, 11:46 PM
    3. T100 To T108 Flash File
      By BAZZO69 in forum Unlocking Questions & Solutions
      Replies: 7
      Last Post: 4th September 2002, 07:53 PM
    4. Ultradev Extensions
      By toocanx in forum PC Software
      Replies: 2
      Last Post: 31st August 2002, 10:16 AM

    Social Networking Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  

    Forum Rules