Affiliate Disclosure

If you buy through our links, we may get a commission. Read our ethics policy.

New adware trojan targets Mac Web browsers, nets criminals money

Apple.com as viewed by a Yontoo affected browser. | Source: Dr. Web

A newly discovered trojan has been found to target OS X Web browsers like Safari, Chrome and Firefox, inserting adware onto an affected computer to net criminals profits from affiliate ad networks.

Russian anti-virus company Dr. Web, the same company that was first to discover the infamous Flashback malware in 2012, confirmed the existence of a new trojan called "Trojan.Yontoo.1," which downloads and installs an adware plugin on unsuspecting Mac user's machines.

As noted by The Next Web, the firm's analysts said Yontoo is being spread through nefarious movie trailer webpages that prompt Mac owners to install a browser plugin, media player, video quality enhancement program or download accelerator.

In one example, the installer asks if a user wants to download a program called "Free Twit Tube." When confirmed, the Yontoo plugin is installed for Safari, Chrome and Firefox, which then transmits browsing data to an off-site server. Information about the loaded pages is processed and the server sends back a file which embeds third-party code into webpages visited by the user.

Criminals gain profits from affiliate ad networks when users view or click through the embedded ads.

Dr. Web points out that a similar trojan method is being used to insert adware on Windows PCs.

Follow AppleInsider on Google News

6 Comments

gatorguy

said about 11 years ago

The source article with additional details is here: http://thenextweb.com/insider/2013/03/21/new-os-x-trojan-injects-ads-into-pages-browsed-by-chrome-firefox-and-safari-even-targets-apples-website/?utm_content=New%20OS%20X%20trojan%20injects%20ads%20into%20pages%20browsed%20by%20Chrome,%20Firefox,%20and%20Safari;%20even%20targets%20Apple's%20website&utm_medium=Twitter%20Publisher&utm_campaign=social%20media&utm_source=Twitter&awesm=tnw.to_g0csE Heed the regular advice to never download plug-ins anywhere but from the official site and this one should be easy to avoid.

Marvin

said about 11 years ago

Yontoo is a proper company. I reckon the authorities need to start looking into their business practises: http://www.yontoo.com They have ad toolbars that install with programs on Windows and they do all sorts of damage like replacing the default browser page: http://malwaretips.com/blogs/remove-yontoo-toolbar-uninstall-guide/ I suppose it's just another file for Apple to add to the blacklist but it might be an idea for Apple to have a whitelist too. So have an approved list of software and plugins and when Safari loads, if it detects software not on the whitelist, it will prompt the user to either remove it or allow it. That will act as a catch-all for any new malware.

gatorguy

said about 11 years ago

[quote name="Marvin" url="/t/156575/new-adware-trojan-targets-mac-web-browsers-nets-criminals-money#post_2298027"]Yontoo is a proper company. I reckon the authorities need to start looking into their business practises: http://www.yontoo.com They have ad toolbars that install with programs on Windows and they do all sorts of damage like replacing the default browser page: http://malwaretips.com/blogs/remove-yontoo-toolbar-uninstall-guide/ I suppose it's just another file for Apple to add to the blacklist but it might be an idea for Apple to have a whitelist too. So have an approved list of software and plugins and when Safari loads, if it detects software not on the whitelist, it will prompt the user to either remove it or allow it. That will act as a catch-all for any new malware.[/quote] On that basis Ask.com's toolbar can be tossed in the malware bin too. Oracle has been aggressively pushing that one, attached to Java updates.

tallest skil

said about 11 years ago

Originally Posted by Gatorguy

View Post

…toolbar…

I'm gonna go ahead and just assume that this = malware.

Marvin

said about 11 years ago

[quote name="Gatorguy" url="/t/156575/new-adware-trojan-targets-mac-web-browsers-nets-criminals-money#post_2298041"]On that basis Ask.com's toolbar can be tossed in the malware bin too. Oracle has been aggressively pushing that one, attached to Java updates.[/quote] Yes, along with Java. All in the bin. If it ultimately harms the user experience, it should be considered malware. They get away with it because it's not clear what's useful to end users but this is where a whitelist method would work. If Apple prompts to remove software not on the whitelist and lots of people opt to remove it, it's malware that either doesn't do what they expected or was installed without their consent.

Read More on our Forums

Top Stories

article thumbnail

Amazon's latest Apple deals make perfect Mother's Day gifts (and prices start at just $24)

article thumbnail

Apple Notes in iOS 18 looks to up the ante with Microsoft OneNote

article thumbnail

Game emulator Delta arrives on App Store after controversies

article thumbnail

New 12.9-inch iPad Air may not be a large-screen bargain

article thumbnail

Apple's iOS 18 AI will be on-device preserving privacy, and not server-side

article thumbnail

When to expect every Mac to get the AI-based M4 processor

article thumbnail

Grab Apple's new M3 MacBook Air for $999