Macintosh devices are normally not affected by threats you see around. Even when it’s necessary to have an antivirus in a Windows PC, Mac users are pretty much confident about their security. Nevertheless, there are certain times when you come across malware attacks targeted at Mac devices. And, iWork Trojan is considerably the most noted threat that we’ve seen in Macintosh devices; let that be your MacBook Pro, Air or iMac. As you would have guessed from the name, iWork Trojan works associated with the iWork package from Apple.
In case if you did not know, iWork is collection of tools that can be used for Work-related needs. For instance, Pages of iWork lets you create stunning Documents with its powers for Word Processing and Collaborative Workspace. At the same time, Keynote is the optimal way to create and present media content for presentations. Despite being available for Mac, iOS and iCloud, iWork is a premium package of software. In fact, each tool — Pages, Numbers and Keynote — costs you $19.99 when purchased from Mac App Store. And, it’s the premium pricing that gave birth to iWork Trojan.
How iWork Trojan Works
Let’s iterate that universal fact here: people don’t like to spend money on digital products. So, by risking their security and privacy, users tend to go behind pirated stuff. And, that’s what happened in the case of iWork as well. Driven by the wish to save some money, people started searching for the pirated versions of Apple iWork package. Hackers and evil hands did use this occasion to come up with a totally-malicious thing — iWork Trojan. As you can guess, it’s a Trojan horse kind of malware that can affect your Macintosh.
So, the spreading process was simple enough. The hackers had to set up a website with the download links for the pirated version of Apple iWork. Users would rush into those websites to download and install the pirated versions — free of cost, of course. Along with the iWork package, however, the iWork Trojan too would be installed in the device. Trojan Services would be active on your Mac device thereafter.
Obviously, there are several after effects of having your Macintosh affected with iWork Trojan. Some of them are:
- iWork Trojan Horse Viruses have root access. Using this root access, it’s possible to transmit the location of your Mac.
- Remote Control of your Mac is also possible through the Trojan service. If you are seeing a huge amount of data bandwidth being used, it’s okay to doubt the presence of malicious remote access.
- iWork Trojan, just like other Trojan horse viruses, has complete control over your Macintosh device. That’s one of the reasons why it can go deep into your system and create backdoors. Using these backdoors, other malware can get into the device.
Altogether, there is no doubt in the fact that iWork Trojan is something really dangerous. The best precaution you can do is to stop downloading pirated versions of iWork. Instead, by paying the right amounts, you can have all the components of Apple’s Office-based software package.
Removing the iWork Trojan Malware
Unlike most of the other Trojan horse malware, it’s not so tough to remove iWork Trojan from your Macintosh. In fact, if you are able to detect the presence of the Trojan, it takes only a few minutes to get rid of the iWork Trojan. However, it’s another story if the iWork Trojan has created some other malware in the meantime. However, if it’s about iWork Trojan, you can follow these steps to remove the malware:
Note: The process of removal is simple enough. You are going to delete all the files and folders associated with the iWork Trojan. It means that you will have to get rid of the pirated version of iWork installed in the device. The steps are as follows once again.
- You need to open the Find dialogue box in Mac. To do that, you need to press Command + F
- Now, it’s time to find and delete the various files and folders associated with iWork Trojan. To do that, you can do searches in the Find dialogue box. So, perform search with these keywords: iWork Services, Bin, Library, System, USR and Startup Items. Open all these folders and delete them instantly.
- In the dialogue box, you can find file-based results too. In that case, you need to delete the individual files as well.
- While deleting, make sure that you are pressing Shift + Command + Del instead of Normal delete. If you do this, the files will be deleted permanently without going to the Trash folder.
- By now, you would have deleted almost all the files associated with the iWork Trojan. Now, it’s time to restart the Mac.
Once rebooted, all the changes will be in effect and you won’t find the pirated version of iWork in device. It means that it has been removed from the device; so has the malware associated with it.
By the way, if you don’t want to follow these steps, you can seek the help of malware removal tools. As you might know, it is possible to find dedicated tools for malware removal and protection, such as Malwarebytes Anti-Malware. If not for Malwarebytes, you should pick the right, reputed and effective removal tool. Despite all these, it makes a lot more sense not to install the pirated versions of iWork package. It’s good to pay for the good stuff!