A trojan targeting users of pirated MacOS X software has spread to a second application.
Researchers have found the trojan embedded in pirated versions of Adobe Photoshop currently in circulation. The attack had previously been limited to pirated copies of Apple's iWork suite.
The malware does not automatically target any software vulnerability within OS X, instead it relies on "social engineering" to trick users into running it.
The trojan disguises itself as part of the application's installer package. Once installed on a system, the malware launches a "back door" program which allows an attacker to remotely access a targeted system.
An attacker could then be able to install code or copy personal information from an infected machine.
Neither of the legitimate versions of either product are infected by the trojan. The malware is only being distributed with pirated software.
McAfee researcher Pedro Bueno suggested that the attack could indicate a new phase of malware activity within the MacOS X world.
"Before this we saw mostly lame malware for Mac OSX, but the iWork09 Trojan represents a new element to Mac Trojans, sophistication," Bueno wrote in a company blog posting.
"This one contains peer to peer-like characteristics and even encrypts its traffic."
Bueno suggests that users exercise extreme caution when running applications which may be pirated or suspicious. The researcher notes that the practice of slipping malware into pirated software is not new, and has been a common practice on Windows for years.
"One thing to remember when dealing with pirated software is that you might have a high price to pay, in this case ending up a Trojan that turns your computer into a zombie," he wrote.
"Now this unfortunate trend has arrived on the Mac platform."
OS X 'pirate' trojan resurfaces
By Shaun Nichols on Jan 27, 2009 3:16PM