Nasty Trojan Hidden in Pirated Apple App

Dennis Faas's picture

Think your Mac is invulnerable to spyware or viruses? That depends on your morals. According to recent reports, a pirated version of the popular iWork '09 suite contains a nasty trojan that has been startling hoity-toity Mac users.

The Apple iWork '09 suite is fairly self-explanatory. Introduced shortly after the New Year, it performs many work functions, including the construction of documents, spreadsheets, and presentations. It's a slicker version of Excel, in other words. Users can try a trial version for 30 days, or shell out about $80 for the full edition.

Making the decision to not part with those four Andrew Jacksons could be quite disastrous, it seems.

According to security firm Intego -- who found the trojan -- those cheapies using pirated versions of the software could find themselves infected with what's officially being dubbed "OSX.Trojan.iServices.A". The trojan hides itself within a larger package -- the iWork '09 installer. Once a user agrees to install the sneaky software after plugging in their password, the trojan installs to the location /System/Library/StartupItems/iWorkServices.

Once the trojan has lodged itself here, it will have permission to read, write, and execute. Once that is done, the trojan can link to a remote server and throw open a door to malicious attackers. (Source: arstechnica.com)

The Trojan is out there

Unfortunately, it seems quite a few people have taken the bait. According to Intego, at least 20,000 copies of the infected file have been downloaded. Intego, as you might expect, recommends users download its own VirusBarrier program along with the latest updates. Ars Technica has discussed removing the trojan manually with something along the lines of Terminal-fu, but if the remote server has been accessed, the damage could already have been done.

Apple's problems don't stop there. Apparently an Italian researcher has discovered a method of injecting malicious code into the OS-X memory, allowing hackers to, essentially, cover their tracks. (Source: cnet.com)

| Tags:
Rate this article: 
No votes yet