According to both companies, the malware is embedded within the iWork installer package and is executed as soon as the user begins installing the pirated copy of the program.
Once installed, the malicious software connects to a remote server, opening a 'back door' to the targeted system and potentially allowing an attacker to control any infected machine and access personal data.
"The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely," Intego said in its report.
The company also noted that additional components could be installed on infected systems, as the malware is given root access.
Symantec product manager Mike Romo said that while the company has the trojan classified as a low-level threat, a significant danger still exists.
"It is still significant because with the current economic crisis, more and more people might be tempted to pirate software instead of paying for it," Romo wrote.
"What's particularly vexing is that unless users have some kind of security software, they would never know that their Mac was compromised because the iWork components themselves would work normally."
Both Intego and Symantec said that the latest updates of their respective Mac security products will detect the trojan.
However, users can simply avoid the attack by not downloading pirated versions of iWork.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
