The new variant of the Trojan horse is OSX.Trojan.iServices.B. This variant affects some copies of Adobe Photoshop that are being distributed through various pirated software sites. According to Intego, “the current Photoshop installer is clean, but the Trojan horse is in a crack application that is responsible for serializing the program.”
This crack app installs a backdoor in the /var/tmp directory, copies an executable to /usr/bin/DivX, and saves the hashed password of the root user in the /var/root/.DivX/ file, according to Intego. It then listens on a random TCP port and tries repeatedly to make connections to two IP addresses. Intego concludes that the creator of the malware uses this system to be notified and to access the affected Macs so that it can perform various tasks remotely.
As stated in Intego’s security advisory, “the Trojan horse can also download additional components onto the infected Mac.”
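A check for the file-system artifacts listed above, added here as an example (it is not Intego's tool or code from the advisory). The function name check_iservices_b and the --scan switch are hypothetical; the two fixed paths are the ones the advisory names, and because no filename is given for the backdoor in /var/tmp, executables there are only listed for manual review.

```shell
#!/bin/sh
# Added example: look for the artifacts Intego attributes to
# OSX.Trojan.iServices.B. ROOT defaults to /; pass a mount point
# to inspect an offline copy of a volume instead of the live system.

check_iservices_b() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", so the paths below stay absolute
    hits=0

    # Paths named in the advisory: the copied executable and the
    # location where the root password hash is saved.
    for p in /usr/bin/DivX /var/root/.DivX; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND  $root$p"
            hits=$((hits + 1))
        fi
    done

    # The advisory gives no filename for the backdoor in /var/tmp,
    # so executables there are reported for review, not counted as hits.
    if [ -d "$root/var/tmp" ]; then
        find "$root/var/tmp" -maxdepth 1 -type f -perm -u+x 2>/dev/null |
        while IFS= read -r f; do echo "REVIEW $f"; done
    fi

    if [ "$hits" -gt 0 ]; then
        echo "RESULT $hits advisory path(s) present; treat the root password hash as exposed"
        return 1
    fi
    echo "RESULT no advisory paths present under ${root:-/}"
    return 0
}

# Run directly with: sh check.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    check_iservices_b "${2:-/}"
fi
```

On a live system, reading /var/root requires root privileges, so run the scan with sudo.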