Got a tip for us? Share it...

New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

New 'Yontoo' Adware Trojan Targets Major Browsers on OS X

Russian security firm Doctor Web this week highlighted a new trojan (via The Next Web) affecting OS X systems and which installs an adware plug-in capable of injecting ads into users' browsing experience.

As with other trojans, this new Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.
When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.

However, after the user presses ‘Continue’, instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.

In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user.
As an example of Yontoo's capabilities, Doctor Web shows how ads can be injected into apple.com once the plug-in has been unwittingly installed by the user.

apple_com_adware
Compared to Windows, OS X has long been a relatively unpopular target for malware authors, but attacks targeting Apple customers have been on the rise. Many of the most highly publicized attacks come via trojans that rely on tricking users into granting installation privileges, while third-party platforms such as Java have also frequently been used to inject code into Mac systems.

Apple has been increasing its efforts to fight malware, introducing a rudimentary anti-malware functionality in OS X Snow Leopard and an enhanced Gatekeeper system in OS X Mountain Lion. Apple has also increasingly been blocking vulnerable versions of Java until Oracle is able to release patched versions of its plug-ins.

Top Rated Comments

(View all)

14 months ago
Want to install Free Twit Tube?

Seems legit. :rolleyes:
Rating: 20 Positives
14 months ago
Say YES to everything unless it asks to continue.

In that case, press CONTINUE and enter bank account number, routing number and any pertinant passwords.
Rating: 18 Positives
14 months ago
It's times like this that I'm glad that OS X has XProtect.

Oh yeah. And I'm happy I also wield common sense. :)
Rating: 14 Positives
14 months ago
Wow, a user can be tricked to actively install harmful software - a serious flaw in OS X!
Rating: 11 Positives
14 months ago

Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.


You missed patch Tuesday then?
Rating: 9 Positives
14 months ago

Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.


What security flaw are you referring to with this story?
Rating: 9 Positives
14 months ago
some users.

writing [Press Me] sounds enough to convince them...
Rating: 9 Positives
14 months ago
So this is avoided by simply not installing the plugin? That should be simple enough to do.
Rating: 7 Positives
14 months ago

Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people:D


Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying its impossible but it still hasnt happened.
Rating: 5 Positives
14 months ago

Tell me 1 OS that can EVER be secure from someone asking 'May I install this app please?' and allowing the user click 'Yes'.


iOS? :)
Rating: 5 Positives

[ Read All Comments ]