The myth of adware and malware not being directed at Mac computers is being further debunked as the latest threat to OS X comes in the form of a trojan injecting ads into popular web browsers. Users of Mozilla Firefox, Google Chrome, and Apple’s Safari web browser should be on the look-out for the Trojan.Yontoo.1 adware that is inserts itself into the browsers of infected systems.
Although there are various methods for Yontoo to entrap users, it primarily lures its victims in to watch movie trailers requiring a download of a plug-in to view the full trailer. Of course, if users are really interested in the movie, most will attempt to install the plug-in which in turn actually installs Yontoo onto their computers. Once installed, Yontoo begins tracking the information from the websites that are visited to a remote server and information from the server is then returned that embeds the adware into the pages that the user has browsed to.
Those affected should install the latest OS X updates as Apple has included the latest definitions for XProtect to remove Yontoo.
See Yontoo in actions in the screenshots below.
MAR