Another pirated copy of another popular software for the Mac has been found to contain a variant of a trojan horse that was found a few days ago on a pirated version of Apple’s productivity suite, iWork ‘09, by the same company who found the first one.
Intego has said that this new variant of the iServices trojan, OSX.Trojan.iServices.B, installs a backdoor in the /var/tmp/ directory, which is supposed to be deleted after installation when the computer is restarted. However, it doesn’t happen during the normal installation process, but when you try and use the crack application to activate the product.
According to them, as of 6am New York Time on the 26th of January, nearly 5,000 people have downloaded the torrent, and possibly have been infected by the trojan.
Like the previous trojan, it will allow the attacker to remotely access your Mac and perform various actions without your knowledge or consent.
“The risk of infection is serious, due to the number of infected users, and these users may face extremely serious consequences if their Macs are accessible to malicious users,” Intego said in its virus advisory.
It continues, “The first version of this Trojan horse was seen downloading new code to infected computers, which were then used in a DDoS (distributed denial of service) attack on certain web sites. Since this new variant uses the same technology, and contacts the same remote servers, it is likely that it will attempt to download new code and perform such actions.”