Mac trojan horse discovered in pirated Photoshop

Peter Cohen, Macworld
27 January, 2009

Security software firm Intego reports that pirated copies of Adobe Photoshop CS4 may contain a variant of the “trojan horse” malware first reported in copies of Apple iWork ’09 last week.

The malware is being called OSX.Trojan.iServices.B. It affects some copies of Adobe Photoshop that are being distributed through pirate software sites. According to Intego, “The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program.”

The crack application installs a backdoor in the /var/tmp directory, copies an executable to /usr/bin/DivX and saves the root password hash in the file /var/root/.DivX, according to Intego. It then listens on a random TCP port and attempts to make repeated connections to two IP addresses. Intego concludes that the creator of the malware intends to be alerted through this method and may have the ability to connect to affected Macs and perform various actions remotely.

“The Trojan horse may also download additional components to an infected Mac,” reads Intego’s security alert.
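A triage check for the file-system artifacts Intego describes above, as an added example that is not part of the original article or Intego's tooling. The function names, the optional root prefix for scanning a mounted disk image, and the `DivX` process-name filter are assumptions of this sketch.

```shell
#!/bin/sh
# Added triage example, not Intego's tooling. Only the two fixed paths named
# in the article are treated as indicators; the backdoor's file name under
# /var/tmp is not given there, so executables in that directory are listed
# for manual review instead.

# scan_iservices_b [ROOT]: ROOT is an optional prefix (for example the mount
# point of a disk image); empty means the live system. Prints one line per
# finding and returns the number of fixed-path indicators present (0-2).
scan_iservices_b() {
    root="${1%/}"
    hits=0
    # /var/root is readable only by root, so an unprivileged run can miss .DivX
    if [ -d "$root/var/root" ] && [ ! -r "$root/var/root" ]; then
        echo "NOTE: cannot read $root/var/root; rerun as root"
    fi
    for rel in /usr/bin/DivX /var/root/.DivX; do
        path="$root$rel"
        # -L also catches a dangling symlink, which -e alone would miss
        if [ -e "$path" ] || [ -L "$path" ]; then
            hits=$((hits + 1))
            echo "INDICATOR: $path"
            ls -ld "$path"
        fi
    done
    if [ -d "$root/var/tmp" ]; then
        find "$root/var/tmp" -type f -perm -100 2>/dev/null |
            while IFS= read -r f; do echo "REVIEW (executable in /var/tmp): $f"; done
    fi
    return "$hits"
}

# list_divx_listeners: live system only. Assumption: the listening process
# keeps the command name of /usr/bin/DivX; the article does not state it.
list_divx_listeners() {
    command -v lsof >/dev/null 2>&1 || { echo "lsof not found" >&2; return 2; }
    lsof -nP -iTCP -sTCP:LISTEN 2>/dev/null | awk 'NR == 1 || $1 == "DivX"'
}

# Run as: sudo sh check.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    rc=0
    scan_iservices_b "${2:-}" || rc=$?
    echo "fixed-path indicators found: $rc"
    [ -n "${2:-}" ] || list_divx_listeners
fi
```

A clean result only means these two paths are absent; it does not cover the additional components the alert says may be downloaded.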

Mac users concerned about this issue are advised to install and run security software to protect themselves. Obviously, the best practice remains to only acquire your software legitimately and through trusted sources.
