A new Mac-specific trojan has surfaced that can push its own ads into websites viewed in Safari, Chrome, and Firefox. The trojan tricks users into installing an adware browser plugin that handles the job of inserting extra ads into Web pages.
The trojan, called Trojan.Yontoo.1, typically presents victims with a dialog asking them to install a new video or media player. Instead of installing the promised plug-in, the trojan installs an ad plug-in that sends data about loaded pages to a remote server, which can then embed code into the sites users visit and display extra ads, according to the Russian security firm Doctor Web.
The company said on its website:
"There are several ways for the Trojan to get onto a computer. To spread the Trojan, criminals crafted movie trailer pages that prompt users to install a browser plugin. In fact, the prompt only imitates a common dialogue displayed when a plugin needs to be installed or additional configuration is necessary. After clicking on 'Install the plug-in,' the user is redirected to another site from which Trojan.Yontoo.1 is downloaded."
Since the Yontoo plug-in is sending browsing information back to a server so it can get ads to display, it's likely the people behind the plug-in are collecting victims' online activity, too.
It's fairly easy to avoid the Yontoo trojan: steer clear of websites that may not be trustworthy, and when you need a specific plug-in for your browser, go to the company's site first instead of clicking on pop-up dialogs offering to handle the installation for you.