Sign in to follow this  

Mac Malware Piggybacks On Pirated Iwork

Recommended Posts

22 January 2009, 16:47

Copies of iWork 09 from BitTorrent may contain trojan

Intego has issued a security alert for pirated copies of Apple's iWork 09, saying that it may contain an OS X trojan known as OSX.Trojan.iServices.A. The pirated copies are appearing on BitTorrent trackers and direct download warez sites. Officially purchased copies and retail copies do not contain this trojan.

The trojan exists as a package within the actual iWork 09 installer. It is notable that the iWork 09 files in these downloads are not affected, but are merely a carrier to get the trojan onto users systems. The installer for the trojan is launched as soon as the installation of iWork begins, following the installers request of the administrator password. Once installed as a start-up item to /System/Library/StartupItems/iWorkServices it has read-write-execute permissions for root. Intego has advised that the trojan connects to a remote server, possibly giving remote access and downloading additional components to the infected Mac.

As always, we recommend not downloading software from untrustworthy or unofficial sources and to always acquire software legitimately.

Heise security: >>>>>>>>>>>>>>>>>>>

Mac malware piggybacks on pirated iWork

By Dan Goodin in San Francisco 22nd January 2009 20:58 GMT

Malware masquerading as part of Apple's iWork 09 productivity suite is targeting unsuspecting Mac users foolish enough to install pirated software downloaded on warez sites.

Once installed, iServices.A has unfettered root access, which it promptly uses to connect to a remote server over the internet, according to Intego, which sells anti-virus software for Macs. A secondary download installs malware that makes victims part of a botnet that's attacking undisclosed websites.

More than 20,000 people have already downloaded the rogue installer, which is bundled with a complete and fully functional version of iWork. Intego didn't say how many of those marks have actually installed the program.

Story: The Register: And read here: Heise security:

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this