Ad-injecting “Yontoo” Trojan Targets Mac Users

If your Mac has unexpected advertisements appearing on websites where you know its unlikely to see such ads, its an indication that your system is infected with “Trojan.Yontoo.1” which is identified by a Russian based anti-virus company Doctor Web. This Malware only affects Mac OSX users.

Although the number of infections is not yet provided by the company, it seems that the threat is limited so far. But the existence of such malware to affect Mac systems shows that Mac can be affected by Malware writers, showing that its easy enough to install on the system via the browsers.

The malware is presented in the form of an installer for a plugin browser on certain websites and even as a media player. The installer asks the user if they require to install an app called Twit Tube. Accepting will download the trojan and install the plugin on all the browsers such as Safari, Firefox and Chrome. Yontoo then monitors your browsing habits and transmits the information to a remote server. With that information, the remove server injects advertisements on websites using a 3rd party code, therefore letting the information being collected without the users consent on nearly any website they desire, including Apple Inc.

Symantec also had a note written about Yontoo for Windows.

As of now, Yontoo does not exploit any security loopholes in OS X. There are many ways for a Malware to affect Mac users without the user’s help, which is why Apple blacklisted older Java and Flash plugins as the security exploits allowed to put the users in risk. But now with the signs which show that Mac systems aren’t “Malware proof”, it is a very possibile that due to its popularity and number of users, Mac systems may be facing even more of such malware attacks.

Source: ArsTechnica