Yontoo trojan

A new trojan is making the rounds for Macs, but it requires the user to actively download it for it to infect your system.

Dr. Web is reporting that a new trojan known as “Trojan.Yontoo.1” is making its way around the Internet, hunting for unsuspecting Mac users. The malware, once installed, will inject ads in to the user’s browsing experience while they use the Chrome, Firefox and Safari browsers.

The new trojan does require the user to actively allow a download. Apparently the authors hace built several movie trailer sites to lure unsuspecting Mac users in, and then informs them that they need to install a browser plugin to watch the videos. They have also disguised it as a media player, a video quality enhancement program and a download accelerator.

Once downloaded, the usual pop-up dialogue will appear prompting you to finish the installation for a program called “Free Twit Tube.” Once you go through the screens you will be infected with the trojan which will begin injecting ads into the web pages you visit such as in the example above where third-party ads appear on the Apple site.

As always when browsing the Web on any computer, you should never download anything from a site you are not familiar with. The Yontoo trojan is also attacking Windows-based machines, but the seemingly infrequent attacks on Macs is what makes this aspect noteworthy. While Macs have generally been ignored by malware authors over the years due to them making up a small percentage of the personal computer installation base, as their popularity has grown, so has the lure to target them with such attacks.

Be careful out there no matter which operating system you use.