Ad-injecting trojan targets Mac users on Safari, Firefox, and Chrome

Have you begun noticing unexpected ads appearing on unlikely websites while browsing on your Mac? If so, it's possible you've been infected with Trojan.Yontoo.1, which has been identified by Russian anti-virus firm Doctor Web as a malware variant affecting OS X users. No infection numbers were provided and Doctor Web is currently the only company reporting the threat, indicating that it has been fairly limited thus far. Still, its existence shows how Mac users continue to be targeted by malware writers and how easy it is to trick some users into installing it.

Here's how Trojan.Yontoo.1 works. An installer is presented to users as a browser plugin—usually on specially crafted webpages claiming to show movie trailers—but may also present itself as a media player, download accelerator, or "a video quality enhancement program." The installer asks the user if he or she wants to install an app called Free Twit Tube; at that point, the installer downloads the trojan from the Internet, which installs a plugin for all available browsers, including Safari, Firefox, and Chrome.

From there, the Yontoo trojan monitors your Web browsing and, according to Doctor Web, transmits information about what pages you visit to a remote server. It then injects ads into those pages using third-party code, allowing the attackers to collect unauthorized ad views on nearly any website they please. And yes, that includes Apple's own website.

Read 1 remaining paragraphs | Comments