The malware is spread via malicious movie trailer Web sites that prompt users to install a browser plug-in called HD Video Player in order to view a trailer -- but when a user clicks on "Install the plug-in," they're redirected to another site, from which Trojan.Yontoo.1 is downloaded. (That's not the only way it's distributed -- the Trojan is also delivered as a fake media player, a video quality enhancement program, and a download accelerator.)
When the download is launched, the malware asks the user for permission to install "Free Twit Tube." If the user clicks on "Continue," the Yontoo adware plug-in is downloaded and installed.
"While a user surfs the Web, the plugin transmits information about the loaded pages to a remote server," the researchers write. "In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user."
If you've been targeted, CNET News' Topher Kessler offers detailed instructions how how to remove the Trojan from your system.
While this version targets Mac users, the researchers also note that a similar scheme targets Windows PCs as well.