According to a report from security vendor Intego, the malware can be found in pirated copies of Apple’s iWork 09 that can be downloaded using a Bittorrent client.
The productivity suite was reported s being “complete and functional”, but also having one extra feature: an additional package called iWorkServices.pkg. The package is installed alongside the suite ( the Trojan installer is launched when the user begins the installation of iWork) and will be added as a startup item.
The malware will be given read-write-execute permissions for root, will connect to a remote server and further download whatever malicious software its creators might desire.
Intego notes that over 20,000 Mac users have already downloaded the infected pack (and most possibly got infected).