Yontoo Trojan horse injects ads as you surf with popular Mac browsers

The particulars change, but the general rule doesn't: Don't install software you're not certain you can trust. A new Trojan horse targeting Mac users tries to trick you into installing it by prompting you to install a browser plug-in when you visit a compromised or malicious webpage.

Dr.Web, a Russian anti-virus and security company, dubs the malware Trojan.Yontoo.1. Unknowing Web surfers who attempt to view video trailers are told that a necessary plug-in is missing. If you click to get the plug-in, an installer for something called FreeTwitTube appears.

But rather than installing FreeTwitTube, the software instead installs a Yontoo plug-in for Safari, Chrome, and Firefox. The plug-in inserts ads and other content onto other webpages as you surf. The real risk with browser extension-based malware is that such extensions can easily access and execute remote code--and monitor the URLs you visit, along with the content of those pages. It doesn't appear that Yontoo does that... yet.

You can check if you're a Yontoo victim by reviewing your browser's installed plug-ins. Deleting the extension should be enough to rid your Mac of the malware.
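One way to script that review on macOS, as an added example that is not part of the original article: it walks the per-user add-on folders of Safari, Chrome and Firefox and prints entries that mention a keyword. The function names are hypothetical, and the idea that the add-on's file name or manifest contains the string "yontoo" is an assumption, not something Dr.Web's report states.

```shell
#!/bin/sh
# Added example: flag browser add-ons that mention a keyword (assumed: "yontoo").
# An empty result does not prove a clean system; review the folders by eye too.

# Print the per-user add-on folders for Safari, Chrome and Firefox on macOS.
# Assumption: Chrome uses its "Default" profile.
addon_dirs() {
    home=$1
    printf '%s\n' \
        "$home/Library/Safari/Extensions" \
        "$home/Library/Internet Plug-Ins" \
        "$home/Library/Application Support/Google/Chrome/Default/Extensions"
    # Firefox keeps one extensions folder per profile.
    for p in "$home/Library/Application Support/Firefox/Profiles"/*/extensions; do
        if [ -d "$p" ]; then printf '%s\n' "$p"; fi
    done
    return 0
}

# Print each add-on entry under HOME_DIR that matches KEYWORD (case-insensitive).
find_suspect_addons() {
    home=$1
    keyword=$2
    addon_dirs "$home" | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        # 1) Add-on files or bundles whose own name contains the keyword.
        find "$dir" -mindepth 1 -maxdepth 1 -iname "*$keyword*" -print || true
        # 2) Chrome folders are named by opaque ID, so search manifest.json.
        #    Localised names stored under _locales/ are not covered here.
        find "$dir" -maxdepth 3 -name manifest.json \
            -exec grep -il -- "$keyword" {} + || true
    done | sort -u
}

# Default run: scan the current user's home for the assumed keyword.
find_suspect_addons "${1:-$HOME}" "${2:-yontoo}"
```

Anything it prints is a candidate for removal through the browser's own extension manager.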
