Pirated copies of Apple iWork 09 infected by Trojan

Mac users are being warned about a Trojan horse circulating through pirated copies of Apple's iWork 09, which are being distributed via BitTorrent sites.

Intego and Symantec released security alerts which said the downloaded copies of iWork were complete and functional, but contained an additional Trojan package called 'iWorkServices.pkg'.

Once iWork is loaded, the installer for the Trojan horse is launched. This installs malicious software, which is now present as a start-up item and has read-write-execute permissions, letting it connect to a remote server over the internet.

This will inform the malicious user or cybercriminal that the Trojan has been installed on the Mac, where they can connect and perform actions remotely, as well as potentially download additional components.

Intego warned Mac users not to download iWork 09 from sites which offered pirated software, but at the time of the alert it said over 20,000 people had downloaded the installer.

The attack comes just after Apple revealed that a serial number was not needed for the installation of the software, which would allow a user to install the software on as many Macs as they choose.