


New Variant of Mac Trojan Horse iServices Found in Pirated Adobe Photoshop CS4

Intego has discovered a new variant of the iServices Trojan horse that the company discovered on January 22, 2009. This new Trojan horse, like the previous version, is found in pirated software distributed via BitTorrent trackers and other sites containing links to pirated software.

The Trojan horse is found bundled with copies of Adobe Photoshop CS4 for Mac. The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program.

After downloading this version of Photoshop, users will run the crack application to be able to use it. The crack application extracts an executable from its data, then installs a backdoor in /var/tmp/, a directory which is not deleted when the computer is restarted. (If the user runs the crack application again, the Trojan horse creates a new executable with a different name; these random names make it harder to ensure safe removal of the malware.) The crack application then requests an administrator password, launching the backdoor with root privileges. This copies the executable to /usr/bin/DivX, then creates a startup item in /System/Library/StartupItems/DivX. The program checks to see if it has been launched with root privileges, then saves the root password hash in the file /var/root/.DivX. It listens on a random TCP port, answers requests such as GET / HTTP/1.0 by sending a 209-byte packet, and makes repeated connections to two IP addresses.
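A triage check for the file paths named in the description above, written as an added example (it is not Intego's code). The function names and the ROOT argument, which lets the check run against a mounted disk image as well as the live system, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: look for the on-disk artifacts named in the advisory.
# ROOT (hypothetical argument) defaults to "/" and may point at a mounted image.

# Fixed paths taken from the advisory text.
ISERVICES_PATHS="/usr/bin/DivX
/System/Library/StartupItems/DivX
/var/root/.DivX"

# Print one "FOUND <kind> <path>" line per fixed artifact present under ROOT.
iservices_fixed() {
    root="${1:-/}"; root="${root%/}"
    printf '%s\n' "$ISERVICES_PATHS" | while IFS= read -r p; do
        full="$root$p"
        if [ -d "$full" ]; then
            echo "FOUND dir $p"
        elif [ -e "$full" ] || [ -L "$full" ]; then
            echo "FOUND file $p"
        fi
    done
}

# The backdoor dropped in /var/tmp gets a random name, so list every
# executable regular file there for manual review instead of matching names.
iservices_tmp_candidates() {
    root="${1:-/}"; root="${root%/}"
    [ -d "$root/var/tmp" ] || return 0
    find "$root/var/tmp" -maxdepth 1 -type f -perm -100 2>/dev/null | sort |
    while IFS= read -r f; do
        echo "REVIEW ${f#"$root"}"
    done
}

# Print all findings; exit status 0 = no fixed artifact, 1 = at least one.
iservices_triage() {
    hits=$(iservices_fixed "$1")
    review=$(iservices_tmp_candidates "$1")
    [ -n "$hits" ] && printf '%s\n' "$hits"
    [ -n "$review" ] && printf '%s\n' "$review"
    [ -z "$hits" ]
}
```

Run `iservices_triage /` as root on a live system, since /var/root is not readable by ordinary users. A REVIEW line is only a candidate: legitimate software can also leave executables in /var/tmp.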
