
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,194
30,135



Russian security firm Doctor Web this week highlighted a new trojan (via The Next Web) that affects OS X systems and installs an adware plug-in capable of injecting ads into users' browsing experience.

As with other trojans, this new Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.
When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.

However, after the user presses 'Continue', instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.

In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user.
As an example of Yontoo's capabilities, Doctor Web shows how ads can be injected into apple.com once the plug-in has been unwittingly installed by the user.

Compared to Windows, OS X has long been a relatively unpopular target for malware authors, but attacks targeting Apple customers have been on the rise. Many of the most highly publicized attacks come via trojans that rely on tricking users into granting installation privileges, while third-party platforms such as Java have also frequently been used to inject code into Mac systems.

Apple has been increasing its efforts to fight malware, introducing a rudimentary anti-malware functionality in OS X Snow Leopard and an enhanced Gatekeeper system in OS X Mountain Lion. Apple has also increasingly been blocking vulnerable versions of Java until Oracle is able to release patched versions of its plug-ins.

Article Link: New 'Yontoo' Adware Trojan Targets Major Browsers on OS X
 

furi0usbee

macrumors 68000
Jul 11, 2008
1,790
1,381
Security against stupidity does not exist. The most secure computer in the world is only as secure as the guy using it. I don't even like installing stuff from Adobe... and I sure as hell would never install some third-party plugin/app which I know nothing about.
 

Brother Esau

macrumors 6502
Jun 30, 2010
277
0
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people:D
 

litmag01

macrumors 6502
Jul 16, 2009
371
270
Say YES to everything unless it asks to continue.

In that case, press CONTINUE and enter bank account number, routing number and any pertinent passwords.
 

DipDog3

macrumors 65816
Sep 20, 2002
1,191
812
Yea, but would this work under OS X Mountain Lion???

I can't install stuff off the web without going through hoops already, don't see how a Trojan would install itself...
 

procksa49er

macrumors newbie
Dec 17, 2009
13
1
United States
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people:D

Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying it's impossible but it still hasn't happened.
 

sbrhwkp3

macrumors 6502a
Jul 17, 2005
551
73
Lake George, NY
I'm an experienced mac user, and I don't fall for this crap, but somehow I got this on my Macbook Pro two months ago. Easy to disable in extensions, though.
 

madsci954

macrumors 68030
Oct 14, 2011
2,725
658
Ohio
Yea, but would this work under OS X Mountain Lion???

I can't install stuff off the web without going through hoops already, don't see how a Trojan would install itself...

Did you read the post? It fools the user by installing plugin software, like a media player, that contains the malware and going from there.
 

vmistery

macrumors 6502a
Apr 6, 2010
941
687
UK
It still relies on the users doing something and I don't think you can blame an OS for that. At the end of the day unless you are going to totally block out Admin / root rights to users who are vulnerable to making this kind of error this problem will remain common. Perhaps some sort of new permissions model is in order although I have no idea what.
 

Puevlo

macrumors 6502a
Oct 21, 2011
633
1
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.
 

vmistery

macrumors 6502a
Apr 6, 2010
941
687
UK
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.

You missed patch Tuesday then?
 

mabhatter

macrumors 65816
Jan 3, 2009
1,022
388
We need to bring back throwing people to Lions and Tigers and Bears! White Hats, Black Hats, Etc... It would be good solid entertainment to have a YouTube channel dedicated to watching endangered animals eat human beings.

Before you cry "unfair" there are plenty of places connected to the Internet that don't have laws ... Some don't have laws against hacking and stealing... Others don't have laws against feeding hackers to bears!!!
 

Simplicated

macrumors 65816
Sep 20, 2008
1,422
254
Waterloo, Ontario, Canada
Waiting for the reply that educates people on the differences between trojans, viruses and worms. :D

Personally, I am thankful that Xprotect is protecting my Mac. But given the growing popularity of the Mac I do believe Apple needs to be even more proactive when it comes to malware prevention.
 

bbeagle

macrumors 68040
Oct 19, 2010
3,539
2,972
Buffalo, NY
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people:D

This has nothing to do with the secure Mac OS. The OS is secure, but it cannot protect USERS from screwing up.

Tell me 1 OS that can EVER be secure from someone asking 'May I install this app please?' and allowing the user to click 'Yes'. The issue has always been with Windows where that popup which said 'May I install this app please?' never showed up, and the 'Yes' button was not there - the software just installed itself automatically without the user knowing. THAT is an OS problem.

Unless you want a completely walled garden where NOTHING is allowed to be installed beyond what the manufacturer installs at build time. I guess that's what you want, Brother Esau? Right?
 

rmwebs

macrumors 68040
Apr 6, 2007
3,140
0
Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.

Sorry but if users really are that dumb that they click those things then they deserve to get the malware, you can not only see them from a mile away, but generally the only time you'll see something like that is likely if you frequent 'questionable' content.
 

AppleFan1984

macrumors 6502
May 6, 2010
298
0
Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying it's impossible but it still hasn't happened.
Drive-by infections have happened on OS X - remember "Flashback"?:
http://www.bit-tech.net/news/bits/2012/04/05/os-x-drive-by-malware/1
 