Researchers Uncover Yontoo Adware Trojan for Mac, Windows

Dr. Web researchers recently discovered a Trojan for Mac OS X called Trojan.Yontoo.1, which downloads and installs an adware browser plug-in for Safari, Chrome and Firefox.

The malware is spread via malicious movie trailer Web sites that prompt users to install a browser plug-in called HD Video Player in order to view a trailer -- but when a user clicks on "Install the plug-in," they're redirected to another site, from which Trojan.Yontoo.1 is downloaded. (That's not the only way it's distributed -- the Trojan is also delivered as a fake media player, a video quality enhancement program, and a download accelerator.)

When the download is launched, the malware asks the user for permission to install "Free Twit Tube." If the user clicks on "Continue," the Yontoo adware plug-in is downloaded and installed.

"While a user surfs the Web, the plugin transmits information about the loaded pages to a remote server," the researchers write. "In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user."

If you've been targeted, CNET News' Topher Kessler offers detailed instructions on how to remove the Trojan from your system.

While this version targets Mac users, the researchers note that a similar scheme also targets Windows PCs.