The new version of the Trojan horse, dubbed OSX.Trojan.iServices.B, has much the same general purpose as the first incarnation, asking for root privileges in order to open a back door into a user's machine, says Mac security company Intego.
A user's system could be subject to a range of remotely-initiated purposes, including acting as a spam relay or initiating a distributed denial of service (DDoS) attack. Either one of these could get the user's internet connection blacklisted.
"The first version of this Trojan horse was seen downloading new code to infected computers, which were then used in a DDoS attack on certain websites. Since this new variant uses the same technology, and contacts the same remote servers, it is likely that it will attempt to download new code and perform such actions," the company said.
The user would not know anything was amiss because the pirated but fully working copy of Photoshop is installed as normal by the Trojan installer at the same time as it installs its own files.
As of January 25th, an estimated 5,000 people had downloaded the hijacked version of the Adobe CS4 application.
The company added that an extra 1,000 downloads had happened of the iWork version, in addition to the 20,000 downloads made before alerts went out. The two versions of the Trojan were definitely the work of the same group as both used the same remote servers, the company said.
One week into this particular Trojan story, and the same group has now hit two separate pirated Apple applications. Critics may shake their heads at the thought that Apple users would download such 'free' software, but it is clearly a problem that defines the Internet itself, regardless of platform.
See also: 25 years of the Apple Mac