New Adware Trojan Yontoo For Mac Targets Major Web Browsers

Russian anti-virus firm Doctor Web has raised a red flag: it has detected another wave of adware targeting Mac computers, a trend that has been rising since the beginning of this year. Among the new adware, one named “Trojan.Yontoo.1” seems to be the most prominent, as it can download and install an adware browser plugin on an infected system.


According to Doctor Web, the trojan targeting Mac OS X can get onto a computer through multiple scenarios. Since we all love watching movies, especially in HD quality, the anti-virus company says hackers went as far as crafting movie trailer pages that prompt the user to install a “missing” browser plugin.

The system gets infected when the user clicks the “Install the plug-in” link, which redirects them to another site hosting Trojan.Yontoo.1.

Yet the above is only one of multiple possible scenarios: the trojan can also be downloaded as a media player, a download accelerator, or a video quality enhancement application.


“When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.”

“However, after the user presses ‘Continue’, instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.”

“In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user. This is how a page is displayed on an infected machine.”

The increasing popularity of Mac OS X makes users a target for this type of hacker attack. Apple, however, is renowned for putting extra effort into fighting malware, just as it did with the rudimentary Gatekeeper system in Mountain Lion. The company also reacted immediately to protect its users when Java vulnerabilities were detected.

[Via TNW]