Security firm Intego has issued a security alert for users of pirated copies of iWork 09. According to Intego a new trojan horse, OSX.Trojan.iServices.A, is circulating in copies of the iWork 09 suite that have been posted to BitTorrent and other sites where pirated software is shared. Apparently the software is functional but the installer contains an additional package called “iWorkServices.pkg” which is installed during the iWork installation.

“This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.”

Let this be a lesson to all you software thieves. If you download and use pirated software you open yourself up to this type of malicious attack. Moral of the story: don’t steal software!

[UPDATE]

MacRumors has posted instructions on how to remove the trojan for those that have downloaded and installed the suite. We still say serves you right!

Tags:trojans