Apple has updated its built-in anti-malware to block Yontoo, a browser plugin for Chrome, Safari and Firefox on Mac that injects advertisements into Web pages.
Russian antivirus firm Dr Web reported the arrival of Yontoo for Macs last week, labeling it a trojan since it was deceptively promoted as a media player and several other tools. Once installed, the program presents ads that would not otherwise be present on a website.
The plugin is being distributed as part of an affiliate ad network program, according to Dr Web.
According to Mac antivirus vendor Intego, Apple added Yontoo to its XProtect last Friday and detects it as OSX.Adplugin.i.
[[xref:http://www.intego.com/mac-security-blog/apple-updates-xprotect-to-detect-yontoo-adware/ |Intego’s Lisa Myers|]] says that its testing revealed detection is “very specific and potentially location-dependent.”
“This extra specificity is likely there so as to catch only the surreptitious installations of this file,” she said. Myers noted previously that adware like Yontoo are often classified as “potentially unwanted” because they are created by legitimate companies but have potentially undesirable features -- like displaying ads or tracking user information. Software moves to the “darker side of grey” when the installation is sneaky, she said.
Indeed, Symantec defines the Windows version of Yontoo for browsers as “potentially unwanted software” made by Yontoo LLC, which calls its product an “application platform that allows you to control the websites you visit everyday”.