If you are on a Mac and using either the Apple-supplied Safari browser, or one of the popular alternatives like Firefox or Chrome, then you may have begun noticing some unexpected ads in the browser lately. Hopefully not, because it spells bad news for you, and that news is Trojan.Yontoo.1.
Security firm Doctor Web is credited with the discovery of this latest attack on the Apple ecosystem. Like many Trojans though, it requires the user to make mistakes in order to get a foothold on the system. In fact, the cardinal mistake, clicking on a pop-up plugin message, is the culprit.
In order to pull this off, Doctor Web reports that "criminals crafted movie trailer pages that prompt users to install a browser plugin. In fact, the prompt only imitates a common dialogue displayed when a plugin needs to be installed or additional configuration is necessary. After clicking on ‘Install the plug-in’, the user is redirected to another site from which Trojan.Yontoo.1 is downloaded". In addition, the Trojan is now being spread through downloads of a media player, a video quality enhancement program or a download accelerator.
Once a computer is infected, its browsers begin to display fake ads on many websites, including Apple.com. The Trojan injects the ads into those pages using third-party code. This allows the attackers to collect unauthorized ad views on nearly any website they want.
While all of us on Windows have grown accustomed to all of this, it remains new for those customers who opt for Apple hardware and software. However, there has been a growing number of attacks on OS X, including the recent, and rather embarrassing, Java exploit that hit Apple back in February.
Screenshot: Doctor Web