Mac Trojan Targets Pirated Apple iWorks
The Mac-only Trojan, known as OSX.Trojan.iServices.A, is circulating through copies of Apple's productivity suite iWork '09 found on BitTorrent trackers and other sites that contain links to illegal software.
An advisory was circulated by Mac security vendor Intego on Wednesday, warning Mac users of the iWork malware.
While the iWork '09 program is completely functional, the installer contains an additional package called iWorkServices.pkg, launched when the iWork '09 software is installed. The Trojan installer is downloaded as soon as the user requests an administrator password and begins installation of iWork. However, older versions of Mac OS X, such as 10.5.1 and earlier, won't require a password.
The malicious software is installed as a startup item where it has read-write-execute permission. It then connects to a remote server via the Web, alerting the attacker that the Trojan is actively targeting users' Macs. The attackers will then be able to connect to the affected computers in order to steal or view sensitive and financial information, or obtain remote access to user accounts. The Trojan may be used to download additional malicious code onto infected Macs and used for further criminal activity.
Apple released its latest version of iWork at the 2009 Macworld Conference & Expo, where it showcased changes to its word processor and spreadsheet applications.
In the Intego advisory, security experts advise users not to download iWork '09 installers from sites that promote pirated software, and recommends that users also avoid installing software from other questionable sources or suspicious Web sites.
"The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users," Intego's advisory warned.
While the exact number of infected users is not yet known, Intego estimates that affected Mac users exceed 20,000.
Malware specific to the Mac is still a relative rarity, but not entirely uncommon, security experts say. Last year, coinciding with the first day of the MacWorld Conference & Expo, a rogue application known as MacSweeper, which spread only on Mac computers, solicited users to download and pay for a bogus cleanup program. However, users, mostly consumers, soon found out that the cleaning software failed to deliver on its promise to rid their systems of malware once they paid for it.
Security experts say that they expect to see more malware specifically targeting the Mac.