Apple updates XProtect to prevent Yontoo Trojan

The Russian security company Doctor Web has reported that the volume of adware for Mac OS X has exploded since the beginning of 2013, particularly the Yontoo Trojan, a malware specimen that can download and install an adware plugin in the browser of the infected system.

According to analysts at Doctor Web, there are several ways for the Yontoo Trojan to get into a system. To spread the Trojan, criminals have created movie trailer pages through which they tempt Mac users to install a browser plugin. To do this, the message that appears mimics the one that usually opens when a plugin needs to be installed or additional configuration is required. After clicking ‘Install plugin’, the user is redirected to another site from which Trojan.Yontoo.1 is downloaded. “The Trojan can also be downloaded as a media player, video quality improvement program or download accelerator,” says Doctor Web.

The Yontoo Trojan downloads and installs the plugin for Safari, Chrome and Firefox, which are the most popular browsers among users of Mac OS X. According to Doctor Web, while the user browses the web, the plugin transmits information about the loaded pages to a remote server. In return, it gets a file that allows the Trojan to embed third-party code in the pages visited by the user.

For this reason, Apple has updated the definitions in the XProtect.plist file to give its Mac OS X operating system the ability to detect Yontoo.
