A second version of the trojan infecting pirated copies of iWork ’09 has been identified, this time distributed with torrents of Adobe Photoshop CS4 for Mac. OSX.Trojan.iServices.B installs with root privileges and then opens a back-door to the trojan author, leaving the Mac potentially open to remote takeover. The malware was identified by security firm Intego, who believe around 5,000 people have already downloaded the pirated CS4.
While the copy of Photoshop in the torrent is legitimate, the crack application accompanying it – which offers illegal serial numbers for CS4 - is not. After asking for the user’s administrator password, it saves those credentials, installs itself and notifies at least two IP addresses. Since it also cracks the Photoshop security protection, the user can be left none the wiser that their Mac has been compromised.
The first version of the trojan, OSX.Trojan.iServices.A, was used to download software and launch a DDoS attack on several sites. Intego believe this new version will do the same. As ever, the advice is to not give out your admin password to random apps and not download illegal software.