New 'Yontoo' Adware Trojan Targets Major Browsers on OS X

Russian security firm Doctor Web this week highlighted a new trojan (via The Next Web) affecting OS X systems and which installs an adware plug-in capable of injecting ads into users' browsing experience.

As with other trojans, this new Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.

When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.

However, after the user presses ‘Continue’, instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.

In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user.

As an example of Yontoo's capabilities, Doctor Web shows how ads can be injected into apple.com once the plug-in has been unwittingly installed by the user.

apple_com_adware
Compared to Windows, OS X has long been a relatively unpopular target for malware authors, but attacks targeting Apple customers have been on the rise. Many of the most highly publicized attacks come via trojans that rely on tricking users into granting installation privileges, while third-party platforms such as Java have also frequently been used to inject code into Mac systems.

Apple has been increasing its efforts to fight malware, introducing a rudimentary anti-malware functionality in OS X Snow Leopard and an enhanced Gatekeeper system in OS X Mountain Lion. Apple has also increasingly been blocking vulnerable versions of Java until Oracle is able to release patched versions of its plug-ins.

Top Rated Comments

Slix Avatar
131 months ago
Want to install Free Twit Tube?

Seems legit. :rolleyes:
Score: 20 Votes (Like | Disagree)
litmag01 Avatar
131 months ago
Say YES to everything unless it asks to continue.

In that case, press CONTINUE and enter bank account number, routing number and any pertinant passwords.
Score: 18 Votes (Like | Disagree)
anzio Avatar
131 months ago
It's times like this that I'm glad that OS X has XProtect.

Oh yeah. And I'm happy I also wield common sense. :)
Score: 14 Votes (Like | Disagree)
Pechente Avatar
131 months ago
Wow, a user can be tricked to actively install harmful software - a serious flaw in OS X!
Score: 11 Votes (Like | Disagree)
Apple_Robert Avatar
131 months ago
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.

What security flaw are you referring to with this story?
Score: 9 Votes (Like | Disagree)
vmistery Avatar
131 months ago
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.

You missed patch Tuesday then?
Score: 9 Votes (Like | Disagree)

Popular Stories

iPhone 15 Pro Buttons CAD Leak

iPhone 15 Pro Low-Energy Chip to Allow Solid-State Buttons to Work When Device is Off or Out of Battery

Wednesday March 29, 2023 1:54 am PDT by
The iPhone 15 Pro and Pro Max will use a new ultra-low energy microprocessor allowing certain features like the new capacitive solid-state buttons to remain functional even when the handset is powered off or the battery has run out, according to a source that shared details on the MacRumors forums. CAD-based render of new solid-state buttons on iPhone 15 Pro models The source of this rumor is ...
maxresdefault

Apple Announces WWDC 2023 Event Taking Place June 5 to 9

Wednesday March 29, 2023 9:58 am PDT by
Apple today announced that its 34th annual Worldwide Developers Conference will take place from Monday, June 5 to Friday, June 9. Like WWDC 2020, 2021, and 2022, WWDC 2023 will be an online event for the most part, and it will be open to all developers at no cost. Subscribe to the MacRumors YouTube channel for more videos. Apple will provide online sessions and labs, which will allow...
iPhone 15 Pro Multi Purpose button Mute Switch Feature Green 2

iPhone 15 Pro Rumored to Feature Multi-Use Action Button Instead of Mute Switch

Wednesday March 29, 2023 7:28 am PDT by
iPhone 15 Pro and iPhone 15 Pro Max models are rumored to feature a customizable Action button like the Apple Watch Ultra, according to a MacRumors forum member who leaked accurate details about the Dynamic Island on iPhone 14 Pro models last year. The source claimed the Action button will replace the Ring/Silent switch that has been included on every iPhone model since 2007. They did not...
iOS 16

Apple Releases iOS 16.4 With New Emoji, Safari Web Push Notifications, Beta Changes, Voice Isolation for Calls and More

Monday March 27, 2023 10:03 am PDT by
Apple today released iOS 16.4, the fourth major update to the iOS 16 operating system that initially came out last September. iOS 16.4 comes two months after the launch of iOS 16.3, an update that added Security Keys for Apple ID. iOS 16‌.4 and iPadOS 16.4 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. It can take a few minutes...
Apple Music Classical

Apple Explains Why It Launched an iPhone App Dedicated to Classical Music

Monday March 27, 2023 8:54 pm PDT by
Apple today published a support document explaining why it decided to release a standalone Apple Music Classical app for classical music. In short, Apple says the app was designed to support classical music's complex metadata:Classical music is different. It has longer and more detailed titles, multiple artists for each work, and hundreds of recordings of well-known pieces. The Apple Music...
iOS 16

Apple Seeds First Betas of iOS 16.5 and iPadOS 16.5

Tuesday March 28, 2023 10:15 am PDT by
Apple today seeded the first betas of upcoming iOS 16.5 and iPadOS 16.5 updates to developers for testing purposes, with the software coming a day after the launch of iOS 16.4 and iPadOS 16.4. Registered developers can opt in to the betas by opening up the Settings app, going to Software Update, tapping on the "Beta Updates" option and toggling on the iOS 16 Developer Beta. Note that an...
home upgrade available feature

PSA: Apple Has Made Its New Home Architecture Update Available Again

Tuesday March 28, 2023 1:50 am PDT by
Apple has made the option to upgrade to new Home architecture available again with the release of iOS 16.4, iPadOS 16.4, and macOS Ventura 13.3, after it temporarily pulled the update in December. After updating Apple devices to the latest software, users can once again opt to upgrade any homes set up in the Home app to the new Home architecture, which Apple says brings faster, more reliable ...