Reports of Mac Trojan in pirated Adobe Photoshop CS4

Filed Under: Apple, Malware

It's news which should dispel once and for all the notion that it's only script kiddies and proof-of-concept coders that are developing malware for Mac OS X.

it is being reported that a new variant of the Apple Mac iWorkS Trojan horse (also known as iServices or iWorkServices) has been distributed via a pirated version of Adobe Photoshop CS4 on peer-to-peer file-sharing networks.

The Trojan, detected by Sophos as OSX/iWorkS-B is found in a bundled crack program that allows users to circumvent the program's serial number copy-protection.

If infected, Macintosh users are at risk of having a remote hacker take control of their computer - potentially for the purposes of sending spam, launching distributed denial-of-service attacks or stealing identities.

Pirated version of Adobe Photoshop comes complete with a Trojan

Just days ago, an earlier version of the iWorkS Trojan horse was seen being distributed in a cracked version of the iWork '09 software suite.

So, at the moment, the only way we have seen these Trojans being distributed is via pirated versions of commercial copyrighted software. If you aren't illegally downloading pirated software from BitTorrent sites then you are unlikely to encounter this malware at the moment.

It's worth remembering, however, that there's nothing stop the hackers finding other ways to spread their malware - such as planting it on websites or spamming out links to malicious downloads via email.

Mac malware is nothing like as commonly encountered as malicious code on Windows PCs, but that's no excuse not for Apple users not to properly defend themselves and take sensible precautions to ensure that they are not putting their computers, data and identities in danger.

So, I have a polite suggestion for anyone, whether using a Mac OS X or a Windows computer, who is illegally downloading copyrighted software from the net. Maybe you should stop, hmm?

You can find out more about OSX/iWorkS-B in a blog entry by Paul Baccas of SophosLabs.

, , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.