Researchers from F-Secure, Webroot, and Avast have uncovered Janicab.A, a new trojan that was discovered as a threat to Macs last week and Windows users on Monday, with findings being published recently.

For OS X users, Janicab.A was signed with a valid Apple Developer ID and also uses a special unicode character known as a "right-to-left override" (RLO) that is used in email malware attacks. From there, the trojan uses a YouTube page to hijack infected computers, directs them to command-and-control (C&C) servers, and then leaves the server and hides the infection by making the malware appear as a harmless PDF or DOC file.

janicab_2a_malware
Webroot writes:

After a relatively long lag period without seeing any particular new and exciting Mac malware, last week we saw the surfacing of a new and interesting method of compromising the OSX system. Malware authors have taken a new approach by altering file extensions of malicious .app packages in order to trick users into thinking they are opening relatively harmless .pdf or .doc files. Changing file extensions in Mac OSX can be tricky due to a built in security feature of the OS that detects attempts to change the extension and automatically annexes the extension of its correct file or package type.

This news comes after Apple updated security definitions to combat 'Yontoo', an adware trojan this past March, while also regularly dealing with Java-related vulnerabilities. Apple introduced Gatekeeper in OS X Mountain Lion in order to better deal with security threats, offering a way for users to restrict installation of apps to those signed by Apple-issued Developer IDs.

Top Rated Comments

whooleytoo Avatar
whooleytoo
150 months ago
Cross-platform malware? And the Mac version was released first? Yaaaay!
Score: 20 Votes (Like | Disagree)
blackcrayon Avatar
blackcrayon
150 months ago
If it's signed with a valid developer ID shouldn't that mean Apple should've already revoked it? Which brings up a question, if Apple revokes a developer ID because of malware, does OS X notify you that was the reason? Or do they just say it's "invalid" (in which case lots of people will still right click and open it :)

(I'm guessing the File Quarantine feature should have this added as well by now)
Score: 12 Votes (Like | Disagree)
Michael Scrip Avatar
Michael Scrip
150 months ago


But what does it actually do? :confused:

It gets an article on MacRumors

:D
Score: 10 Votes (Like | Disagree)
jeznav Avatar
jeznav
150 months ago
Not all OSX users have Adobe Acrobat Reader installed. Icon FAIL.

Should've used Preview.app PDF icon instead.
Score: 8 Votes (Like | Disagree)
Parasprite Avatar
Parasprite
150 months ago
Malware authors have taken a new approach by altering file extensions of malicious .app packages in order to trick users into thinking they are opening relatively harmless .pdf or .doc files.

New because of the .app part maybe, but .pdf.exe is not a new approach by any means.

Also, who here uses Adobe for PDFs? (beyond filling out that one form that didn't work right in Preview for some reason)
Score: 3 Votes (Like | Disagree)
antonis Avatar
antonis
150 months ago
Still, don't get surprised if people that don't even have the adobe reader installed on their mac will still open a "pdf" that is using the acrobat icon. There are users and users.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 18

Apple Expected to Release iOS 18.3 Next Week With These New Features

Thursday January 23, 2025 6:41 am PST by
iOS 18.3 should be released to the public next week, following beta testing since mid-December. While the software update is a relatively minor one, it still includes a handful of new features, changes, and bug fixes for iPhones. Below, we recap everything new in iOS 18.3. Notification Summary Changes Examples of inaccurate Apple Intelligence notification summaries Apple Intelligence...
Read Full Article29 comments
iOS 18

5 New Things Your iPhone Can Do in iOS 18.3

Friday January 24, 2025 1:55 am PST by
Apple is set to release iOS 18.3 next week, bringing further refinements to Apple Intelligence features, a couple of neat new capabilities to iPhone 15 Pro and iPhone 16 devices, and bug fixes. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.3 still introduces capabilities that aim to make your iPhone smarter and more intuitive. Below, we've...
Read Full Article26 comments
Generic iOS 18

iOS 18.4 Beta Coming Soon With These New Features for Your iPhone

Friday January 24, 2025 8:16 am PST by
iOS 18.3 is expected to be widely released next week, and that means the first iOS 18.4 beta for iPhones should be just around the corner. Apple has previously implied that iOS 18.4 will be released in April, as that is when it promised to make Apple Intelligence available in even more languages. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri ...
Read Full Article37 comments
Apple Pay Walmart Feature

Walmart Stands Firm on Why It Doesn't Accept Apple Pay in the U.S.

Thursday January 23, 2025 7:32 am PST by
Walmart still does not accept Apple Pay or other NFC payments at its more than 4,600 stores across the U.S., and it stood firm on its reasoning for that today. A spokesperson for Walmart today informed MacRumors that its position on contactless payments has not changed since we last reached out about the matter in 2022. The big-box retailer said it remains focused on its own convenient...
Read Full Article362 comments
apple tv 4k new orange

New Apple TV Launching This Year With These New Features

Wednesday January 22, 2025 6:01 pm PST by
A new Apple TV is expected to be released later this year. In this article, we recap rumored features and changes for the device. The next Apple TV will be equipped with Apple's own combined Wi-Fi and Bluetooth chip, according to Bloomberg's Mark Gurman. He said the chip supports Wi-Fi 6E, which would be an upgrade over the current Apple TV's standard Wi-Fi 6 support. Wi-Fi 6E extends the...
Read Full Article
iOS 18

Here Are Apple's Full Release Notes for iOS 18.3

Tuesday January 21, 2025 4:31 pm PST by
Apple provided developers and public beta testers with the release candidate version of iOS 18.3 today, and with it comes release notes confirming what's new. While we knew about several of the features that are in the update, there are some lesser known tweaks and bug fixes. The update adds new Visual Intelligence features for iPhone 16 models, it tweaks Notification summaries on all...
Read Full Article52 comments
iPhone 17 Pro Dual Tone Horizontal Single Feature

Kuo: iPhone 17 Models Won't Have Smaller Dynamic Island

Friday January 24, 2025 9:09 am PST by
The upcoming iPhone 17 models that Apple plans to release this year will not feature a smaller Dynamic Island, Apple analyst Ming-Chi Kuo said today. On social media, he said that he is expecting the size of the Dynamic Island to remain "largely unchanged" across the iPhone 17 lineup. His statement is contrary to prior rumors that we've heard about planned changes for the iPhone 17 models. ...
Read Full Article79 comments
iPhone 16 Apple Store Levels

Gurman: Apple Stores Receiving 'Merchandise' Updates Next Week

Saturday January 25, 2025 5:07 pm PST by
Apple's retail stores will be rolling out "merchandise/floor marketing updates" next week, according to Bloomberg's Mark Gurman. Gurman did not explicitly say if the store updates are related to any upcoming product announcements, but he did mention that next week is around the time that Apple rolls out its annual Black Unity watch band for the Apple Watch. In each of the past four years, ...
Read Full Article32 comments
apple power beats pro 2

Apple's First Product Announcement of 2025 is Imminent

Thursday January 23, 2025 2:48 pm PST by
It's also time for Apple's first product announcement of the year. Last year, Apple said it would be launching Powerbeats Pro 2 in 2025, and the wireless earbuds are expected to launch very soon. Powerbeats Pro 2 images found in iOS 18 code In his Power On newsletter last weekend, Bloomberg's Mark Gurman said the Powerbeats Pro 2 are "due imminently." In addition to Apple filing the...
Read Full Article