New 'Yontoo' Adware Trojan Targets Major Browsers on OS X

by

Russian security firm Doctor Web this week highlighted a new trojan (via The Next Web) affecting OS X systems and which installs an adware plug-in capable of injecting ads into users' browsing experience.

As with other trojans, this new Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.

When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.

However, after the user presses ‘Continue’, instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.

In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user.

As an example of Yontoo's capabilities, Doctor Web shows how ads can be injected into apple.com once the plug-in has been unwittingly installed by the user.

apple_com_adware
Compared to Windows, OS X has long been a relatively unpopular target for malware authors, but attacks targeting Apple customers have been on the rise. Many of the most highly publicized attacks come via trojans that rely on tricking users into granting installation privileges, while third-party platforms such as Java have also frequently been used to inject code into Mac systems.

Apple has been increasing its efforts to fight malware, introducing a rudimentary anti-malware functionality in OS X Snow Leopard and an enhanced Gatekeeper system in OS X Mountain Lion. Apple has also increasingly been blocking vulnerable versions of Java until Oracle is able to release patched versions of its plug-ins.

Top Rated Comments

Slix Avatar
Slix
145 months ago
Want to install Free Twit Tube?

Seems legit. :rolleyes:
Score: 20 Votes (Like | Disagree)
litmag01 Avatar
litmag01
145 months ago
Say YES to everything unless it asks to continue.

In that case, press CONTINUE and enter bank account number, routing number and any pertinant passwords.
Score: 18 Votes (Like | Disagree)
anzio Avatar
anzio
145 months ago
It's times like this that I'm glad that OS X has XProtect.

Oh yeah. And I'm happy I also wield common sense. :)
Score: 14 Votes (Like | Disagree)
Pechente Avatar
Pechente
145 months ago
Wow, a user can be tricked to actively install harmful software - a serious flaw in OS X!
Score: 11 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
145 months ago
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.

What security flaw are you referring to with this story?
Score: 9 Votes (Like | Disagree)
vmistery Avatar
vmistery
145 months ago
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.

You missed patch Tuesday then?
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

Delta Feature

Delta Game Emulator Now Available From App Store on iPhone

Wednesday April 17, 2024 9:58 am PDT by
Game emulator apps have come and gone since Apple announced App Store support for them on April 5, but now popular game emulator Delta from developer Riley Testut is available for download. Testut is known as the developer behind GBA4iOS, an open-source emulator that was available for a brief time more than a decade ago. GBA4iOS led to Delta, an emulator that has been available outside of...
Read Full Article186 comments
iOS NES Emulator Bimmy Feature

NES Emulator for iPhone and iPad Now Available on App Store [Removed]

Tuesday April 16, 2024 11:33 am PDT by
The first approved Nintendo Entertainment System (NES) emulator for the iPhone and iPad was made available on the App Store today following Apple's rule change. The emulator is called Bimmy, and it was developed by Tom Salvo. On the App Store, Bimmy is described as a tool for testing and playing public domain/"homebrew" games created for the NES, but the app allows you to load ROMs for any...
Read Full Article229 comments
iPhone 15 Pro Action Button Translate

All iPhone 16 Models to Feature Action Button, But Usefulness Debated

Tuesday April 16, 2024 6:54 am PDT by
Last September, Apple's iPhone 15 Pro models debuted with a new customizable Action button, offering faster access to a handful of functions, as well as the ability to assign Shortcuts. Apple is poised to include the feature on all upcoming iPhone 16 models, so we asked iPhone 15 Pro users what their experience has been with the additional button so far. The Action button replaces the switch ...
Read Full Article104 comments
maxresdefault

Hands-On With the New App Store Delta Game Emulator

Wednesday April 17, 2024 12:19 pm PDT by
A decade ago, developer Riley Testut released the GBA4iOS emulator for iOS, and since it was against the rules at the time, Apple put a stop to downloads. Emulators have been a violation of the App Store rules for years, but that changed on April 5 when Apple suddenly reversed course and said that it was allowing retro game emulators on the App Store. Subscribe to the MacRumors YouTube channel ...
Read Full Article224 comments
iOS 18 Siri Integrated Feature

iOS 18 Will Add These New Features to Your iPhone

Friday April 12, 2024 11:11 am PDT by
iOS 18 is expected to be the "biggest" update in the iPhone's history. Below, we recap rumored features and changes for the iPhone. iOS 18 is rumored to include new generative AI features for Siri and many apps, and Apple plans to add RCS support to the Messages app for an improved texting experience between iPhones and Android devices. The update is also expected to introduce a more...
Read Full Article