Yontoo Trojan Unleashes Adware Assault on Mac Browsers
Mar 21, 2013 3:38 PM PT
New malware is making the rounds with Mac users in its sights: Yontoo.1 can download and install an adware browser plug-in to an infected system.
Adware for Mac OS X has been increasing since the beginning of this year, according to Doctor Web, the antivirus company that identified Yontoo.1, but so far it is the most prominent of them all.
How It Works
There are several ways criminals interested in targeting Mac users are getting Yontoo.1 onto Macs, Doctor Web said.
For example, there are movie trailer pages that prompt users to install a browser plug-in.
After clicking on the prompt, a user is redirected to a site where Yontoo.1 is downloaded. The Trojan then installs the plug-in Yontoo for Safari, Chrome and Firefox. While the user surfs the Web, the plug-in transmits information about the loaded pages to a remote server.
The Trojan also embeds third-party code into pages visited by the user, which is how an apple.com page, for example, is displayed on an infected machine.
Yontoo.1 is also masquerading as a media player, a video quality enhancement program, or a download accelerator.
News of the adware might come as a shock to the average Mac user, who has been schooled in the notion that Macs don't get viruses because it is not worthwhile for malware writers to target them.
That theory hasn't been true for a while -- if it ever was, Richard Wang, manager of SophosLabs US, told MacNewsWorld.
"Macs have been targets for some time," he said. "Their numbers are far fewer than PCs, and they are less commonly attacked, but they are definitely not immune to online criminals."
Which operating system to target is not an either/or choice for cybercriminals, Wang added. They don't have to decide between PCs and Macs. "They can choose to attack both."
Yontoo isn't exclusively Mac-focused, noted Tim Erlin, director of IT security and risk strategy at nCircle.
"Symantec noted in December of 2012 that the original revision was targeted at Windows systems," he told MacNewsWorld.
"The idea that Macs are more secure is the result of Apple's skillful marketing," Erlin continued.
"The truth is that Macs are plagued with the same vulnerabilities as any other platform," he said, "and the reality is they may have even more vulnerabilities than other platforms because they haven't been subject to the same scrutiny over time."