Mac Users Getting Slammed By Yontoo Trojan


Users of Apple's Mac OS X are increasingly being infected by an adware program that records browsing habits, according to an alert issued by a Russian antivirus firm.

Doctor Web said the Yontoo Trojan, which installs an adware browser plug-in, surfaced in 2011 but has increasingly been downloaded by Mac users since the beginning of the year. The company pushing the malware lures victims to movie trailer pages that prompt them to install the browser plug-in, the security firm said. The Trojan affects Apple users of Safari, Chrome and Firefox.

"Criminals profit from affiliate ad network programs, and their interest in users of Apple-compatible computers grows day by day," Doctor Web said in an alert issued this week. "The trend toward a growing number of adware for various platforms has persisted from early 2013."

[Related: Mac Attacks: Top 10 Bugs Targeting Apple]

Once tricked into installing the plug-in, the malicious code redirects the user to a site hosting the Yontoo Trojan. "The Trojan can also be downloaded as a media player, a video quality enhancement program or a download accelerator," Doctor Web said.

The security firm said the plug-in transmits information about the loaded pages to a remote server and likely uses the data in advertising campaigns.

Walnut, Calif.-based Yontoo said its plug-in adds a virtual graphic layer over any existing Web page. The company also supports PageRage, which it said adds Facebook layouts to a Facebook profile, and Buzzdock, a search engine. PageRage and Buzzdoc are both identified as adware by security firms.

Yontoo said it enhances users' interaction with various websites by adding features, functionality and content through the browser. The plug-in is also compatible with the Internet Explorer and RocketMelt browsers. Security vendors consider Yontoo to be adware/spyware because it tricks users into downloading it and then collects their viewing habits.

Mac users are increasingly targeted by attackers, say security experts, pointing to its rising popularity and market share. The threat to Apple users was highlighted in 2011 and 2012 when the Flashback Trojan, infected up to 600,000 Macs. Flashback is considered much more serious by security firms because it is capable of stealing passwords and other data.

PUBLISHED MARCH 22, 2013