Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

New 'Yontoo' Adware Trojan Targets Major Browsers on OS X

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,519
37,818



Russian security firm Doctor Web this week highlighted a new trojan (via The Next Web) affecting OS X systems and which installs an adware plug-in capable of injecting ads into users' browsing experience.

As with other trojans, this new Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.
When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.

However, after the user presses 'Continue', instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.

In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user.
Click to expand...
As an example of Yontoo's capabilities, Doctor Web shows how ads can be injected into apple.com once the plug-in has been unwittingly installed by the user.

apple_com_adware.jpg
Compared to Windows, OS X has long been a relatively unpopular target for malware authors, but attacks targeting Apple customers have been on the rise. Many of the most highly publicized attacks come via trojans that rely on tricking users into granting installation privileges, while third-party platforms such as Java have also frequently been used to inject code into Mac systems.

Apple has been increasing its efforts to fight malware, introducing a rudimentary anti-malware functionality in OS X Snow Leopard and an enhanced Gatekeeper system in OS X Mountain Lion. Apple has also increasingly been blocking vulnerable versions of Java until Oracle is able to release patched versions of its plug-ins.

Article Link: New 'Yontoo' Adware Trojan Targets Major Browsers on OS X
 
Article Link
https://www.macrumors.com/2013/03/21/new-yontoo-adware-trojan-targets-major-browsers-on-os-x/
Security against stupidity does not exist. The most secure computer in the world is only as secure as the guy using it. I don't even like installing stuff from Adobe... and I sure as hell would never install some third-party plugin/app which I know nothing about.
 
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people:D
 
Say YES to everything unless it asks to continue.

In that case, press CONTINUE and enter bank account number, routing number and any pertinant passwords.
 
Yea, but would this work under OS X Mountain Lion???

I can't install stuff off the web without going through hoops already, don't see how a Trojan would install itself...
 
Brother Esau said:
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people:D
Click to expand...

Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying its impossible but it still hasnt happened.
 
Last edited:
I'm an experienced mac user, and I don't fall for this crap, but somehow I got this on my Macbook Pro two months ago. Easy to disable in extensions, though.
 
DipDog3 said:
Yea, but would this work under OS X Mountain Lion???

I can't install stuff off the web without going through hoops already, don't see how a Trojan would install itself...
Click to expand...

Did you read the post? It fools user by installing plugin-software, live a media player, that contains the malware and going from there.
 
It still relies on the users doing something and I don't think you can blame an OS for that. At the end of the day unless you are going to totally block out Admin / root rights to users who are vulnerable to making this kind of error this problem will remain common. Perhaps some sort of new permissions model is in order although I have no idea what.
 
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.
 
Puevlo said:
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.
Click to expand...

You missed patch Tuesday then?
 
We need to bring back throwing people to Lions and Tigers and Bears! White Hats, Black Hats, Etc... It would be good solid entertainment to have a YouTube channel dedicated to watching endangered animals eat human beings.

Before you cry "unfair" there are plenty of places connected to the Internet that don't have laws ... Some don't have laws against hacking and stealing... Others don't have laws against feeding hackers to bears!!!
 
Waiting for the reply that educates people on the differences between trojans, viruses and worms. :D

Personally, I am thankful that Xprotect is protecting my Mac. But given the growing popularity of the Mac I do believe Apple needs to be even more proactive when it comes to malware prevention.
 
Brother Esau said:
Hey, I thought MAC did not get viruses or malicious code attacks?

I knew that statement was not going to last very long once Apple increased in popularity and user base.. Silly MAC people:D
Click to expand...

This has nothing to do with the secure Mac OS. The OS is secure, but it cannot protect USERS from screwing up.

Tell me 1 OS that can EVER be secure from someone asking 'May I install this app please?' and allowing the user click 'Yes'. The issue has always been with Windows where that popup which said 'May I install this app please?' never showed up, and the 'Yes' button was not there - the software just installed itself automatically without the user knowing. THAT is an OS problem.

Unless you want a completely walled garden where NOTHING is allowed to be installed beyond what the manufacturer installs at build time. I guess that's what you want, Brother Esau? Right?
 
MacRumors said:
Yontoo malware relies on tricking users into installing the package, which in this case masquerades as a movie trailer video plug-in, download accelerator, or other software a user might believe they want or need on their system.
Click to expand...

Sorry but if users really are that dumb that they click those things then they deserve to get the malware, you can not only see them from a mile away, but generally the only time you'll see something like that is likely if you frequent 'questionable' content.
 
procksa49er said:
Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying its impossible but it still hasnt happened.
Click to expand...
Drive-by infections have happened on OS X - remember "Flashback"?:
http://www.bit-tech.net/news/bits/2012/04/05/os-x-drive-by-malware/1
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back