Apple blocks Yontoo Mac OS X malware in XProtect.plist update

The adware Mac OS X browser targeting Trojan tries to trick users into installing it

Following last week's discovery of the Yontoo Trojan horse that's been targeting Mac users, Apple has updated its malware and adware detections list in order to block Yontoo.

As noted by Intego, Apple updated the XProtect.plist definitions file on Friday to give Mac OS X the ability to detect Yontoo, which tries to trick Mac users into installing it by prompting users to install a browser plug-in when they visit a compromised or malicious webpage.

Apple's XProtect anti-malware system will now warn users about Yontoo if they try to install the software onto their Mac. Intego says that the detection is "very specific and potentially location-dependent."

"This extra specificity is likely there so as to catch only the surreptitious installations of this file," Intego explains.

Yontoo was initially discovered by a Russian anti-virus and security company last week. Unknowing web surfers who attempt to view video trailers are told that a necessary plug-in is missing, and that they need to install it. Once installed, the Yontoo plug-in can insert ads and other content onto web pages you surf via Safari, Chrome or Firefox. Clicking or viewing these ads can generate ad affiliate network profits for the Trojan's creators.

See also:

Mac malware: New Gatekeeper bypassing Mac OS X virus discovered

Apple releases Java update and malware removal tool following cyber attack

The Android malware problem is not hyped, researchers say

Apple's Phil Schiller makes dig at Android security on Twitter: 'Be safe out there'

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags AppleFirefoxMacIntego

More about AppleIntego

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ashleigh Allsopp

Latest Videos

More videos

Blog Posts