Reports of Mac Trojan in pirated Adobe Photoshop CS4

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

It’s news which should dispel once and for all the notion that it’s only script kiddies and proof-of-concept coders that are developing malware for Mac OS X.

it is being reported that a new variant of the Apple Mac iWorkS Trojan horse (also known as iServices or iWorkServices) has been distributed via a pirated version of Adobe Photoshop CS4 on peer-to-peer file-sharing networks.

The Trojan, detected by Sophos as OSX/iWorkS-B is found in a bundled crack program that allows users to circumvent the program’s serial number copy-protection.

Sign up to our free newsletter.
Security news, advice, and tips.

If infected, Macintosh users are at risk of having a remote hacker take control of their computer – potentially for the purposes of sending spam, launching distributed denial-of-service attacks or stealing identities.

Pirated version of Adobe Photoshop comes complete with a Trojan

Just days ago, an earlier version of the iWorkS Trojan horse was seen being distributed in a cracked version of the iWork ’09 software suite.

So, at the moment, the only way we have seen these Trojans being distributed is via pirated versions of commercial copyrighted software. If you aren’t illegally downloading pirated software from BitTorrent sites then you are unlikely to encounter this malware at the moment.

It’s worth remembering, however, that there’s nothing stop the hackers finding other ways to spread their malware – such as planting it on websites or spamming out links to malicious downloads via email.

Mac malware is nothing like as commonly encountered as malicious code on Windows PCs, but that’s no excuse not for Apple users not to properly defend themselves and take sensible precautions to ensure that they are not putting their computers, data and identities in danger.

So, I have a polite suggestion for anyone, whether using a Mac OS X or a Windows computer, who is illegally downloading copyrighted software from the net. Maybe you should stop, hmm?

You can find out more about OSX/iWorkS-B in a blog entry by Paul Baccas of SophosLabs.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.