CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 22nd, 2009

Mac OS X Malware Found In Pirated Apple iWork 09

Researchers at Intego are reporting that malware hidden in Apple’s iWork 09 productivity suite is targeting unsuspecting Mac users foolish enough to install pirated software downloaded from warez sites.

Once installed, iServices.A has unfettered root access, which it promptly uses to connect to a remote server over the internet, according to Intego, which sells anti-virus software for Macs. A secondary download installs malware that makes victims part of a botnet that’s attacking undisclosed websites.

The malicious file, dubbed OSX.Trojan.iServices.A, was found on BitTorrent trackers and other sites containing links to pirated software. The booby-trapped version of the iWork 09 productivity suite is complete and functional, but the installer contains an additional package called iWorkServices.pkg, Intego said.

When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request for an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request). This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location normally reserved for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
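The two artifacts named above can be checked for directly. The following shell function is an added example, not code from Intego's advisory or from this article; the optional installer argument and the assumption that the extra package is visible as a path inside the installer bundle are illustrative.

```sh
#!/bin/sh
# Added example: look for the artifacts the article attributes to
# OSX.Trojan.iServices.A. Prints one line per finding.
# Returns 0 if nothing was found, 1 otherwise.
#
#   $1  root of the volume to inspect (default "/"; a mounted copy of a
#       suspect volume also works)
#   $2  optional path to an iWork 09 installer folder or bundle
#       (assumption: iWorkServices.pkg is visible as a path inside it)
check_iservices() {
    root="${1:-/}"
    installer="${2:-}"
    found=0

    # Startup item location given in the article.
    item="${root%/}/System/Library/StartupItems/iWorkServices"
    if [ -e "$item" ]; then
        echo "FOUND startup item: $item"
        ls -ld "$item"    # owner and mode; the article says rwx for root
        found=1
    fi

    # Extra package the article says is bundled into the installer.
    if [ -n "$installer" ] && [ -d "$installer" ]; then
        hits=$(find "$installer" -name 'iWorkServices.pkg' -print 2>/dev/null)
        if [ -n "$hits" ]; then
            echo "FOUND extra package in installer:"
            echo "$hits"
            found=1
        fi
    fi

    if [ "$found" -eq 0 ]; then
        echo "No iWorkServices artifacts found under $root"
    fi
    return "$found"
}
```

A non-zero return only shows that the named paths exist; it says nothing about the secondary components the article mentions.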

More than 20,000 people have already downloaded the rogue installer, which is bundled with a complete and fully functional version of iWork. Intego didn’t say how many of those marks have actually installed the program.

Intego’s advisory is the latest reminder that the growing popularity of Apple’s OS X hasn’t been lost on malware developers. Over the past 18 months, a variety of trojans and exploits have increasingly targeted the Mac.

Intego’s advisory can be found here.
