New OS X trojan injects ads into pages browsed by Chrome, Firefox, and Safari

“A new trojan specifically for Macs has been discovered that installs an adware plugin,” Emil Protalinski reports for TNW.

“The malware attempts to monetize its attack by injecting ads into Chrome, Firefox, and Safari (the most popular browsers on Apple’s desktop platform) in the hopes that users will generate money for its creators by viewing (and maybe even clicking) them,” Protalinski reports. “The threat, detected as ‘Trojan.Yontoo.1’ by Russian security firm Doctor Web, is part of a wider scheme of adware for OS X that has ‘been increasing in number since the beginning of 2013,’ according to the company.”

Protalinski reports, “This particular trojan can get onto your Mac in multiple ways. Criminals have so far used movie trailer pages that prompt users to install a browser plugin, a media player, a video quality enhancement program, or a download accelerator. In other words, the usual schemes we’ve seen on Windows. When launched, Trojan.Yontoo.1 prompts the user to install something called ‘Free Twit Tube’ or something similar.”

Read more in the full article here.

Related articles:
New Mac trojan hints at ties to high-priced commercial hacking toolkit – July 27, 2012
Warning: New Java trojan targets Apple’s OS X along with Windows, Linux – July 11, 2012
Symantec: Mac Flashback trojan infections declining rapidly, have dropped six-fold in a week – April 18, 2012
Apple releases Flashback trojan removal tool – April 14, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
600,000 Macs infected with Flashback trojan, 274 in Cupertino; how to check your Mac – April 5, 2012
Warning: New Mac trojan hides in pirated graphics software – November 1, 2011
Hackers port Linux trojan to Mac OS X – October 26, 2011
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011
New OS X trojan horse sends screenshots, files to remote servers – September 23, 2011
Apple: How to avoid or remove MACDefender malware (permanent fix coming in Mac OS X update) – May 24, 2011
MACDefender trojan protection and removal guide – May 20, 2011
Apple investigating ‘MACDefender’ trojan – May 19, 2011
Apple malware: 6 years of crying wolf – May 6, 2011
Is Mac under a virus attack? No. – May 4, 2011
Intego: MACDefender rogue anti-malware program attacks Macs via SEO poisoning – May 2, 2011
Sophos details new Mac OS X Trojan – February 28, 2011
Warning: Mac users beware of yet another trojan masquerading as video codec – June 11, 2009
CNN blows it; gets all worked up about a Mac Trojan that isn’t the first nor is it the last – April 23, 2009
Mac trojan expands to affect pirated versions of Photoshop CS4 – January 26, 2009
Intego: Mac trojan horse found in pirated Apple iWork ‘09 – January 22, 2009
New Mac OS X Trojan horse identified – June 23, 2008
Mac OS X Scareware trojan ‘MacSweep from Imunizator’ tries to scam Mac users – March 29, 2008
Mac trojan makers churn out slightly modified versions to evade anti-malware detection – November 08, 2007
Mac DNS Changer Trojan [OSX/Puper] relatively simple; works like the Windows version – November 01, 2007
New Mac OS X Trojan warning – February 16, 2006
Apple: ‘Opener’ is not a virus, Trojan horse, or worm – November 02, 2004

23 Comments

  1. So once again we have something that can’t install itself. I hate seeing these labeled as trojans or malware when they are more of a malicious application. If the program cannot install itself but is dependent on the users to authorize the install of it, it’s not really a virus or trojan but more a bit of social engineering. If you changed nothing about the app but the name to “Steal your shit plugin” you would not call it a security exploit.

    1. “If the program cannot install itself but is dependent on the users to authorize the install of it ….”

      Is how a Trojan works. It says it’s one thing to get you to install it, then does something else when you run it (and possibly the thing you want, too).

    2. What a weird off-base complaint! The word choice in the article was actually 100% accurate.

      malware = malicious software
      trojan = something that tricks you by appearing to be harmless on the outside (like the Trojan Horse in the Odyssey)

  2. On my iPad every 20th time or so I click on a link on MDN I am forwarded to a porn site. ONLY happens on MDN, no other website. I had informed MDN several times but they don’t even respond.

    Rather pathetic.

    1. It could be the result of a tracking script, based on your past browsing.

      Too bad iOS Safari doesn’t support something like OS X Safari extensions; extensions like AdBlock and Ghostery would make iOS so much nicer.

    2. How is it that you alone are affected by this problem? I view MDN nearly every day on Macs, iPad and iPhone and I’ve never once been forwarded to a p0rn site. Cite a specific link or stfu.

    3. I’ve had that happen on my iPad too, but on notalwaysright.com. I was forwarded to a porn page after reading the page for a minute or so. My wife thought my indignation was hilarious. I assumed there was something lurking in the ads too, because after backing up to the original page it didn’t do it again. x_x

  3. “The malware attempts to monetize its attack by injecting ads into Chrome, Firefox, and Safari (the most popular browsers on Apple’s desktop platform) in the hopes that users will generate money for its creators by viewing (and maybe even clicking) them,”

    Gee, doesn’t sound any different than the tons of ads you get going to a lot of other media sites, except that the ads are different. Not exactly malware, unless of course you are an advertiser.

    Welcome to ad wars.

  4. It must be self-installing, because I noticed something like this on my computer several months ago, but never would have installed something like this. I figured it was a Firefox add-in because it didn’t happen in other browsers. I disabled a bunch of add-ins and it stopped.
