More Malware Targeting Users of Pirated Software for Mac
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

More Malware Targeting Users of Pirated Software for Mac

Written By
Brian Prince
Brian Prince
Jan 26, 2009
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Users of pirated software have a new headache to worry about. For the second time in less than two weeks, malware targeting Mac computers has surfaced on the Web.

According to an advisory from Intego, OSX.Trojan.iServices.B is a variant of the iServices Trojan the company found last week targeting pirated copies of iWork ’09. This time, the malware has its sights set on versions of Adobe Photoshop CS4 downloaded via BitTorrent trackers and other sites containing links to pirated software.

“The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program,” Intego’s advisory reads.

As of 6 a.m. EST on Jan. 25, nearly 5,000 are believed to have downloaded the Trojan, according to the advisory.

After downloading this version of Photoshop, users will run the crack application to be able to use it, the advisory continues. The crack application extracts an executable from its data and installs a backdoor in /var/tmp/, which is not deleted when the computer is restarted.

The crack application then requests an administrator password and launches the backdoor with root privileges, the advisory continues. The program saves the root hash password in the file /var/root/.DivX. In addition, it listens on a random TCP port, answers requests such as GET / HTTP/1.0 by sending a 209-byte packet and makes repeated connections to two IP addresses.

“Since the malicious software connects to a remote server over the Internet, the creator of this malware will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely,” the advisory reads. “The Trojan horse may also download additional components to an infected Mac.”

Last week, the original version of the malware was found in pirated versions of Apple’s iWork ’09. By 6 a.m. EST Jan. 22, the Trojan reportedly had infected some 20,000 users of the pirated iWork ’09. A free tool to remove this Trojan is available on SecureMac.

Although Mac users have historically had a relatively easy time when it comes to malware-the amount of viruses targeting the Mac is far lower than those targeting Microsoft Windows-the incident does underscore the dangers of downloading pirated software.

“Intego recommends that users never download and install software from untrusted sources or questionable Web sites,” the advisory states.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information