Mac Trojans Proliferate

The first, discovered on January 21, is called OSX.Trojan.iServices.A, and was embedded in a hacked version of iWork 09, the latest version of Apple's productivity suite, which shipped around the same time. A variant was found last Monday, planted in a pirate program designed to unlock Adobe Photoshop CS4 for Mac.

The iWork Trojan is embedded in the program's installer, as iWorkServices.pkg. The Trojan is installed as a start-up item, meaning that it will be loaded every time OS X is booted. It connects to a remote server and is capable of downloading additional components to an infected machine, Intego warns.

The OSX.Trojan.iServices.B variant works slightly differently, installing itself via a crack application used to generate a serial number for the downloaded copy of Photoshop CS4. The Adobe binary itself is clean. The crack application installs a backdoor in /var/tmp/, launching it with root privileges to create a start-up item. The program then contacts the same online servers as its predecessor, which has been used in denial of service attacks, according to Intego.

McAfee says that these Trojans represent a departure from traditional Mac Trojans, which it called "lame".

"The iWork09 Trojan represents a new element to Mac Trojans — sophistication. This one contains peer to peer-like characteristics and even encrypts its traffic," said the firm's researchers.

Kaspersky also found two pieces of malware circulating for the Mac, which it has called not-a-virus:FraudTool.OSX.iMunizator.

"The software generates messages about infections/problems on the machine. These are fake warnings," said Roel Schouwenberg, senior AV researcher for Kaspersky Lab Americas. "To get these infections/problems removed, the user has to pay money. On the Windows platform this is currently a very popular type of malware and is called fraudware, rogueware or scareware. The bad guys are making heaps of money with this tactic on Windows. Probably they also have a relatively decent revenue on the Mac."

Kaspersky has warned that Mac malware in the wild has been proliferating. According to the company's research, instances of malicious software for the platform rose from eight in 2006 to 35 in 2007.
