Trojan.Yontoo.1 leads among new adware Trojans for Mac

March 19, 2013

Russian anti-virus company Doctor Web reports that the number of adware programs for Mac OS X has been growing since the beginning of 2013. Trojan.Yontoo.1 is the most prominent of them: it can download and install an adware browser plugin on an infected system.

According to Doctor Web's analysts, the amount of adware for various platforms has kept growing since early 2013. Criminals profit from affiliate ad network programs, and their interest in users of Apple-compatible computers grows day by day. The recently discovered Trojan.Yontoo.1 is a striking example of such software.

There are several ways for the Trojan to get onto a computer. To spread the Trojan, criminals crafted movie trailer pages that prompt users to install a browser plugin. In fact, the prompt only imitates a common dialogue displayed when a plugin needs to be installed or additional configuration is necessary. After clicking on ‘Install the plug-in’, the user is redirected to another site from which Trojan.Yontoo.1 is downloaded.


Criminals have also arranged a number of alternative ways to spread this threat. The Trojan can also be downloaded in the guise of a media player, a video quality enhancement program or a download accelerator.

When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.


However, after the user presses ‘Continue’, the Trojan does not install the promised program. Instead, it downloads the Yontoo plugin from the Internet and installs it for Safari, Chrome and Firefox, the most popular browsers among Mac OS X users. While the user surfs the web, the plugin transmits information about the loaded pages to a remote server.


In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user. This is how an apple.com page is displayed on an infected machine.

[Screenshot: an apple.com page as displayed on an infected machine]

Such browser extensions are detected by Dr.Web as Adware.Plugin. It should be noted that a similar scheme for spreading the Trojan is used to target Windows PCs.
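
An added example, not part of Doctor Web's article: a Python inventory of the per-user extension folders of the three browsers named above, flagging entries whose name contains "yontoo". The folder paths are the browsers' standard macOS defaults, and the assumption that the plugin's on-disk name contains that string is not confirmed by the article.

```python
import json
from pathlib import Path

# Per-user extension locations on macOS, relative to the home directory.
# These are standard browser defaults, not paths taken from the article.
LOCATIONS = {
    "Safari": "Library/Safari/Extensions",
    "Chrome": "Library/Application Support/Google/Chrome",
    "Firefox": "Library/Application Support/Firefox/Profiles",
}
KEYWORD = "yontoo"  # plugin name from the article; on-disk naming is an assumption


def chrome_extensions(root):
    """Yield (name, path) per manifest.json under <profile>/Extensions/<id>/<version>/."""
    for manifest in root.glob("*/Extensions/*/*/manifest.json"):
        try:
            name = json.loads(manifest.read_text(encoding="utf-8")).get("name", "")
        except (OSError, ValueError, AttributeError):
            name = ""  # unreadable manifest: still list it so it can be reviewed
        yield str(name), manifest.parent


def inventory(home):
    """Return a sorted list of (browser, name, path, flagged) for every extension found."""
    home, found = Path(home), []
    safari = home / LOCATIONS["Safari"]
    found += [("Safari", p.stem, p) for p in safari.glob("*.safariextz")]
    found += [("Chrome", n, p) for n, p in chrome_extensions(home / LOCATIONS["Chrome"])]
    firefox = home / LOCATIONS["Firefox"]
    found += [("Firefox", p.name, p) for p in firefox.glob("*/extensions/*")]
    return sorted((b, n, str(p), KEYWORD in f"{n} {p.name}".lower()) for b, n, p in found)


if __name__ == "__main__":
    for browser, name, path, flagged in inventory(Path.home()):
        print(f"{'SUSPECT' if flagged else 'ok':8}{browser:8}{name or '(unnamed)'}  {path}")
```

Entries marked `ok` are only a name mismatch, so the full listing is still worth reviewing for extensions the user does not recognise.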
