A Trojan that is capable of infecting the Apple Mac OS X platform has been identified.
Trend Micro claimed that a pirated version of iWork '09 is being distributed through a popular torrent site and reportedly contains a malicious file. It reported that the Trojan, identified as OSX_KROWI.A, executes upon the installation of the pirated copy of iWork '09, and connects to a remote server and listens for commands from a remote user.
JM Hipolito, technical communications spokesperson at Trend Micro, claimed that researchers are commenting that the torrent file is currently being hosted, or more appropriately, being seeded, by approximately 500 users at the time of writing - indicating that many people have been infected.
Hipolito claimed: “Furthermore, the fact that the torrent for this malicious file is being seeded by many users makes it attractive to torrent downloaders. As more seeders typically equate a faster download, this may cause the said file to gain popularity in the torrent sites, possibly increasing its download rate.”
Graham Cluley, senior technology consultant at Sophos, said: “Whereas previous versions of Apple iWork required users to enter a serial number when installing from CD ROM, the new version allows users to install the software on as many computers as they like - without apparent repercussion.
“Of course, you should never download copyrighted commercial material via peer-to-peer file-sharing sites. Not only might you be breaching copyright, but you could also be risking a malware infection. It should be remembered that malware affecting Apple Macs is much less frequently encountered than it is by their Windows-using counterparts. But that doesn't mean the problem is non-existent, and it's no excuse for Apple users to have their head in the sand when it comes to security.”
Meanwhile, SecureMac has announced that it has released the iWorkServices Trojan Removal Tool, a free utility created to remove the iWorkServices Trojan from infected Macintosh computers running OS X.