Russian firm Dr. Web has brought a new trojan to light that effects Mac systems using Chrome, Safari and Firefox. Trojan.Yontoo1 installs an adware plugin that effects the users browsing experience and sends information back to a central server.
“When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube.
However, after the user presses ‘Continue’, instead of the promised program, the Trojan downloads (from the Internet) and installs the plugin Yontoo for Safari, Chrome and Firefox. These browsers are most popular among Mac OS X users. While a user surfs the web, the plugin transmits information about the loaded pages to a remote server.
In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user.”
As an example of Yontoo’s capabilities, Doctor Web shows how ads can be injected into apple.com once the plug-in has been unwittingly installed by the user.