Yontoo Trojan horse injects ads as you surf with popular Mac browsers

The particulars change, but the general rule doesn't: Don't install software you're not certain you can trust. A new Trojan horse targeting Mac users tries to trick you into installing it by prompting you to install a browser plug-in when you visit a compromised or malicious webpage.

Dr.Web, a Russian anti-virus and security company, dubs the malware Trojan.Yontoo.1. Unknowing Web surfers who attempt to view video trailers are told that a necessary plug-in is missing. If you click to get the plug-in, an installer for something called FreeTwitTube appears.

But rather than installing FreeTwitTube, the software instead installs a Yontoo plug-in for Safari, Chrome, and Firefox. The plug-in inserts ads and other content onto other webpages as you surf. The real risk with browser extension-based malware is that such extensions can easily access and execute remote code--and monitor the URLs you visit, along with the content of those pages. It doesn't appear that Yontoo does that... yet.

You can check if you're a Yontoo victim by reviewing your browser's installed plug-ins. Deleting the extension should be enough to rid your Mac of the malware.
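One way to run the check described above from Terminal, as an added example that is not from the article or from Dr.Web: it searches per-user browser plug-in and extension folders for items whose name or metadata mentions a string. The folder list and the default search string `yontoo` are assumptions about common macOS locations and naming, not details reported in the article.

```sh
#!/bin/sh
# Added example: list browser plug-in/extension items whose name or metadata
# mentions a string (default "yontoo"). The folder list is an assumption
# about common macOS locations, not something taken from the article.

# Print the candidate extension folders below a given home directory.
ext_dirs() {
    home=$1
    printf '%s\n' \
        "$home/Library/Internet Plug-Ins" \
        "$home/Library/Safari/Extensions" \
        "$home/Library/Application Support/Google/Chrome/Default/Extensions"
    # Firefox keeps extensions per profile.
    for p in "$home/Library/Application Support/Firefox/Profiles"/*/extensions; do
        if [ -d "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# scan_extensions HOME [STRING]: print one path per suspicious item.
scan_extensions() {
    home=$1
    needle=${2:-yontoo}
    ext_dirs "$home" | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        # 1) Items whose file or folder name contains the string.
        find "$dir" -maxdepth 2 -iname "*$needle*" -print || true
        # 2) Metadata files that mention it. Chrome extension folders are
        #    named by ID, so the readable name only appears in manifest.json.
        find "$dir" \( -name manifest.json -o -name Info.plist \
            -o -name install.rdf \) -type f \
            -exec grep -il -- "$needle" {} + || true
    done | sort -u
}
```

Call it as `scan_extensions "$HOME"`; passing an empty string as the first argument applies the same relative paths to the system-wide `/Library` folder. No output means nothing matched, which is not proof that an extension under a different name is absent, so still review the list in each browser.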


Stories by Lex Friedman
