Old Mar 21, 2013, 08:44 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
New 'Yontoo' Adware Trojan Targets Major Browsers on OS X




Russian security firm Doctor Web this week highlighted a new trojan (via The Next Web) that affects OS X systems and installs an adware plug-in capable of injecting ads into users' browsing experience.

As with other trojans, this new Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.
Quote:
When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.

However, after the user presses 'Continue', instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.

In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user.
As an example of Yontoo's capabilities, Doctor Web shows how ads can be injected into apple.com once the plug-in has been unwittingly installed by the user.

Compared to Windows, OS X has long been a relatively unpopular target for malware authors, but attacks targeting Apple customers have been on the rise. Many of the most highly publicized attacks come via trojans that rely on tricking users into granting installation privileges, while third-party platforms such as Java have also frequently been used to inject code into Mac systems.

Apple has been increasing its efforts to fight malware, introducing a rudimentary anti-malware functionality in OS X Snow Leopard and an enhanced Gatekeeper system in OS X Mountain Lion. Apple has also increasingly been blocking vulnerable versions of Java until Oracle is able to release patched versions of its plug-ins.

Article Link: New 'Yontoo' Adware Trojan Targets Major Browsers on OS X
MacRumors is offline   0 Reply With Quote
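
The article above says the trojan installs a Yontoo plug-in for Safari, Chrome and Firefox. As an added example (not from the original article or from Doctor Web), this shell function lists add-ons in one user's standard per-user browser directories on OS X whose file name or metadata mentions a search string. The string `yontoo` and the function name `audit_addons` are assumptions, since the page does not give the plug-in's file names.

```shell
#!/bin/sh
# Added example: audit one user's browser add-ons for a name of interest.
# The directories are the stock per-user locations on OS X; the default
# pattern "yontoo" is an assumption based on the plug-in name in the article.

# audit_addons HOME_DIR [PATTERN]
# Prints one line per hit: "<how it matched><TAB><path>".
audit_addons() {
    home=$1
    pat=$(printf '%s' "${2:-yontoo}" | tr '[:upper:]' '[:lower:]')
    lib="$home/Library"

    # 1) Match on the file or bundle name: Safari extensions,
    #    Internet plug-ins and Firefox add-ons (.xpi files or directories).
    for item in "$lib/Safari/Extensions"/* \
                "$lib/Internet Plug-Ins"/* \
                "$lib/Application Support/Firefox/Profiles"/*/extensions/*; do
        [ -e "$item" ] || continue          # glob matched nothing
        name=$(basename "$item" | tr '[:upper:]' '[:lower:]')
        case $name in
            *"$pat"*) printf 'name\t%s\n' "$item" ;;
        esac
    done

    # 2) Match on metadata: Chrome stores extensions under opaque IDs, so the
    #    readable name only appears inside manifest.json; unpacked Firefox
    #    add-ons of this era describe themselves in install.rdf.
    for meta in "$lib/Application Support/Google/Chrome"/*/Extensions/*/*/manifest.json \
                "$lib/Application Support/Firefox/Profiles"/*/extensions/*/install.rdf; do
        [ -f "$meta" ] || continue
        if grep -qiF -- "$pat" "$meta"; then
            printf 'metadata\t%s\n' "$(dirname "$meta")"
        fi
    done
}

# Run as a script:  sh audit_addons.sh "$HOME" [pattern]
[ $# -eq 0 ] || audit_addons "$@"
```

No output means nothing under that home directory matched the pattern; it does not cover system-wide plug-in directories outside the home directory.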
Old Mar 21, 2013, 08:46 AM   #2
anzio
macrumors regular
 
Join Date: Dec 2010
Location: Barrie, ON
It's times like this that I'm glad that OS X has XProtect.

Oh yeah. And I'm happy I also wield common sense.
__________________
15.4" Retina MacBook Pro, 2.6GHz i7, 16GB RAM, 512GB, GT 650M ; iPhone 5s ; iPad 4th-gen ; Apple TV (x2) ; Time Capsule (2TB) ; Other various Apple devices/old laptops. Developer
anzio is offline   14 Reply With Quote
Old Mar 21, 2013, 08:47 AM   #3
needfx
macrumors 68020
 
 
Join Date: Aug 2010
Location: macrumors apparently
some users.

writing [Press Me] sounds enough to convince them...
needfx is online now   9 Reply With Quote
Old Mar 21, 2013, 08:49 AM   #4
Slix
macrumors 6502
 
Join Date: Mar 2010
Want to install Free Twit Tube?

Seems legit.
__________________
Looking for a small, close, friendly community where you can hang out, talk about Pokémon and anything, and have fun?
Check out The 'Wag!
Slix is offline   20 Reply With Quote
Old Mar 21, 2013, 08:51 AM   #5
furi0usbee
macrumors 6502a
 
Join Date: Jul 2008
Security against stupidity does not exist. The most secure computer in the world is only as secure as the guy using it. I don't even like installing stuff from Adobe... and I sure as hell would never install some third-party plugin/app which I know nothing about.
__________________
YouTube - Apple iPhone Support Hotline (Actual Phone Call Recording)
MacBook Pro 15" (Retina) 2.3GHz i7 / 8GB RAM  iPad mini (AT&T) (16GB)
furi0usbee is offline   1 Reply With Quote
Old Mar 21, 2013, 08:51 AM   #6
Brother Esau
Banned
 
Join Date: Jun 2010
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people
Brother Esau is offline   4 Reply With Quote
Old Mar 21, 2013, 08:52 AM   #7
litmag01
macrumors regular
 
Join Date: Jul 2009
Say YES to everything unless it asks to continue.

In that case, press CONTINUE and enter bank account number, routing number and any pertinent passwords.
__________________
Pinky was the Brain.
litmag01 is offline   18 Reply With Quote
Old Mar 21, 2013, 08:52 AM   #8
DipDog3
macrumors 6502a
 
 
Join Date: Sep 2002
 
Yea, but would this work under OS X Mountain Lion???

I can't install stuff off the web without going through hoops already, don't see how a Trojan would install itself...
__________________

Interactive Phone - Try out the new Virtual iPhone 5s (Download Code @ RedRome.com)
DipDog3 is offline   3 Reply With Quote
Old Mar 21, 2013, 08:59 AM   #9
procksa49er
macrumors newbie
 
Join Date: Dec 2009
Quote:
Originally Posted by Brother Esau View Post
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people
Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying it's impossible but it still hasn't happened.

Last edited by procksa49er; Mar 21, 2013 at 09:00 AM. Reason: addendum
procksa49er is offline   5 Reply With Quote
Old Mar 21, 2013, 09:00 AM   #10
sbrhwkp3
macrumors 6502a
 
Join Date: Jul 2005
Location: Lake George, NY
I'm an experienced mac user, and I don't fall for this crap, but somehow I got this on my Macbook Pro two months ago. Easy to disable in extensions, though.
sbrhwkp3 is offline   1 Reply With Quote
Old Mar 21, 2013, 09:00 AM   #11
madsci954
macrumors 68000
 
Join Date: Oct 2011
Location: Ohio
Quote:
Originally Posted by DipDog3 View Post
Yea, but would this work under OS X Mountain Lion???

I can't install stuff off the web without going through hoops already, don't see how a Trojan would install itself...
Did you read the post? It fools the user by installing plugin software, like a media player, that contains the malware and going from there.
madsci954 is offline   0 Reply With Quote
Old Mar 21, 2013, 09:03 AM   #12
vmistery
macrumors regular
 
Join Date: Apr 2010
It still relies on the users doing something and I don't think you can blame an OS for that. At the end of the day unless you are going to totally block out Admin / root rights to users who are vulnerable to making this kind of error this problem will remain common. Perhaps some sort of new permissions model is in order although I have no idea what.
vmistery is offline   0 Reply With Quote
Old Mar 21, 2013, 09:04 AM   #13
KdParker
macrumors 68040
 
 
Join Date: Oct 2010
So this is avoided by simply not installing the plugin? That should be simple enough to do.
__________________
64g iPhone6+Space Grey; 16g iPhone6 Silver;16g iPhone5s Space Grey;
15" retina - MBP 2.6 GHZ 16 RAM;
iPad4 retina
KdParker is offline   7 Reply With Quote
Old Mar 21, 2013, 09:05 AM   #14
Puevlo
macrumors 6502a
 
Join Date: Oct 2011
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.
Puevlo is offline   2 Reply With Quote
Old Mar 21, 2013, 09:05 AM   #15
Virtualball
macrumors 6502
 
Join Date: Jun 2006
This is a nice reminder that beyond Java-based attacks, it's extremely difficult to hack OSX
Virtualball is offline   1 Reply With Quote
Old Mar 21, 2013, 09:06 AM   #16
vmistery
macrumors regular
 
Join Date: Apr 2010
Quote:
Originally Posted by Puevlo View Post
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.
You missed patch Tuesday then?
vmistery is offline   9 Reply With Quote
Old Mar 21, 2013, 09:07 AM   #17
BasicGreatGuy
macrumors 68000
 
 
Join Date: Sep 2012
Location: Atlanta, Ga.
Quote:
Originally Posted by Puevlo View Post
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.
What security flaw are you referring to with this story?
BasicGreatGuy is offline   9 Reply With Quote
Old Mar 21, 2013, 09:09 AM   #18
mabhatter
macrumors 6502a
 
Join Date: Jan 2009
We need to bring back throwing people to Lions and Tigers and Bears! White Hats, Black Hats, Etc... It would be good solid entertainment to have a YouTube channel dedicated to watching endangered animals eat human beings.

Before you cry "unfair" there are plenty of places connected to the Internet that don't have laws ... Some don't have laws against hacking and stealing... Others don't have laws against feeding hackers to bears!!!
mabhatter is offline   0 Reply With Quote
Old Mar 21, 2013, 09:11 AM   #19
Bubba Satori
macrumors 68040
 
 
Join Date: Feb 2008
Location: B'ham
Quote:
Originally Posted by KdParker View Post
So this is avoided by simply not installing the plugin? That should be simple enough to do.
Turn everything off and it just works.
Irony is good for your health.

http://www.youtube.com/watch?v=GQb_Q8WRL_g
Bubba Satori is offline   0 Reply With Quote
Old Mar 21, 2013, 09:11 AM   #20
Simplicated
macrumors 65816
 
 
Join Date: Sep 2008
Location: Waterloo, ON
Waiting for the reply that educates people on the differences between trojans, viruses and worms.

Personally, I am thankful that Xprotect is protecting my Mac. But given the growing popularity of the Mac I do believe Apple needs to be even more proactive when it comes to malware prevention.
__________________
Clarus says "Moof!"
Simplicated is offline   1 Reply With Quote
Old Mar 21, 2013, 09:12 AM   #21
Pechente
macrumors member
 
Join Date: Apr 2010
Location: Germany / Niedersachsen / Großburgwedel
Wow, a user can be tricked to actively install harmful software - a serious flaw in OS X!
Pechente is offline   11 Reply With Quote
Old Mar 21, 2013, 09:13 AM   #22
bbeagle
macrumors 68000
 
 
Join Date: Oct 2010
Location: Buffalo, NY
Quote:
Originally Posted by Brother Esau View Post
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people
This has nothing to do with the secure Mac OS. The OS is secure, but it cannot protect USERS from screwing up.

Tell me 1 OS that can EVER be secure from someone asking 'May I install this app please?' and allowing the user click 'Yes'. The issue has always been with Windows where that popup which said 'May I install this app please?' never showed up, and the 'Yes' button was not there - the software just installed itself automatically without the user knowing. THAT is an OS problem.

Unless you want a completely walled garden where NOTHING is allowed to be installed beyond what the manufacturer installs at build time. I guess that's what you want, Brother Esau? Right?
bbeagle is offline   5 Reply With Quote
Old Mar 21, 2013, 09:14 AM   #23
AppleFan1984
macrumors 6502
 
Join Date: May 2010
Quote:
Originally Posted by furi0usbee View Post
Security against stupidity does not exist...
...except when Mac fans attempt to describe Android, then all manner of such expectations come into play.
AppleFan1984 is offline   4 Reply With Quote
Old Mar 21, 2013, 09:16 AM   #24
rmwebs
Banned
 
Join Date: Apr 2007
Quote:
Originally Posted by MacRumors View Post
Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.
Sorry but if users really are that dumb that they click those things then they deserve to get the malware, you can not only see them from a mile away, but generally the only time you'll see something like that is likely if you frequent 'questionable' content.
rmwebs is offline   3 Reply With Quote
Old Mar 21, 2013, 09:17 AM   #25
AppleFan1984
macrumors 6502
 
Join Date: May 2010
Quote:
Originally Posted by procksa49er View Post
Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying it's impossible but it still hasn't happened.
Drive-by infections have happened on OS X - remember "Flashback"?:
http://www.bit-tech.net/news/bits/20...e-by-malware/1
AppleFan1984 is offline   3 Reply With Quote
