Pirated Apple iWork 09 Software Contains Malware

Malware Found in Pirated Apple iWork 09 Software for Mac OS

A serious Mac OS X malware threat was discovered in a pirated copies of Apple Computer's iWork 09 software. The malicious infection was found to be a Trojan called OSX.Trojan.iServices.A. This infection seems to be sourced from BitTorrent trackers and other sites that may offer a pirated version of the iWork 09 suite of software for Mac.

For some time security researchers debated back and forth as to whether the Max OS was as vulnerable as comparable Windows PC's. We are starting to see the debate come to a head as more and more Mac OS infections are plaguing the computer world. The OSX.Trojan.iServices.A seems to affect several versions of the Mac OS X 10.5.X operating system.

Intego, an internet security and privacy software company, released an advisory a few days ago on this particular infection and the source of it. Below is an excerpt from the Intego site on the OSX.Trojan.iServices.A security alert.

Intego has discovered a new Trojan horse, OSX.Trojan.iServices.A, which is currently circulating in copies of Apple's iWork 09 found on BitTorrent trackers and other sites containing links to pirated software. The version of iWork 09, Apple's productivity suite, are complete and functional, but the installer contains an additional package called iWorkServices.pkg.

When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.

Other sources of some recent Mac OS infections were known to come from some of the same sources as Windows PC viruses such as porn video sites or illegal download networks. Many of those reported cases dropped a DNS-changer Trojan for Mac systems.

As of now to limit or attempt to control the OSX.Trojan.iServices.A infection, Mac users are urged to avoid downloading and installing software from questionable or untrusted sources. Other dangers from OSX.Trojan.iServices.A include the ability to download other malware onto your Mac which may result in damage or lost of personal data.