Hat tip to my friend and sometime co-author Robert Slade, for bringing to my attention a Dilbert cartoon that, despite its age, is somewhat relevant to some of the recent conversation about Apple’s iPhone fingerprint scanning technology.
Meanwhile, Kevin Townsend – whom I’d also regard as a friend despite all the occasions when I’ve disagreed with him publicly, usually about AMSO – also drew my attention to something interesting. In an article called ‘Mac Trojans Easy to Write says Researcher’, he cites a blog by Tripwire’s Ken Westin, in which Westin describes a technique for disguising a malicious app as a different type of file by concealing the .app extension with a Unicode homoglyph.

I’m not sure that too many people nowadays think that it isn’t possible to write an OS X Trojan – in fact, even back in the days when Macs were supposed to be impregnable, every suggestion of Mac malware generated a chorus of ‘that’s not a virus, it’s a trojan’, as if somehow that made all the difference. Apps disguising themselves as data files predate OS X, and in fact Amphimix, often assumed to be the first OS X malware, passed itself off as an MP3. And the homoglyph trick is not actually the camouflage technique used by OSX/Leverage, which opens a JPEG within the app bundle so that it looks like a picture. But it’s quite interesting (I haven’t tried it out, though). In fact, useful though Unicode is, it’s quite often been used to facilitate an attack, or at least to generate confusion.
Small Blue-Green World
ESET Senior Research Fellow