Mac Trojan Injects Ads into Sites

Friday, March 22, 2013 @ 03:03 PM gHale

A new Mac Trojan can inject advertisements into the websites visited by the user, allowing cybercriminals to make a profit via affiliated ad network programs.

The malware, called Trojan.Yahtoo.1, ends up distributed on bogus movie trailer pages, or disguised as various applications such as media players, download accelerators, and video quality enhancement programs, said researchers from the security firm Doctor Web.

DHS Ransomware Making Rounds
European Trojan Locks Up Systems
Ransomware Leverages Windows PowerShell
Trojan a Work of ‘Poetry’

First, victims end up asked to install an HD Video Player browser plugin. If they accept, they then view an installer for an app called Free Twit Tube.

When the victim clicks on the “Continue” button, the Trojan downloads and installs a plugin called Yontoo. The malicious plugin works on Safari, Firefox and Chrome.

Once installed, the adware plugin monitors the websites visited by the users and injects third-party code into them.

Interestingly, the attack even works against the official Apple website.

Leave a Reply

You must be logged in to post a comment.