Known to inject ads into browsers such as Chrome, Firefox and Safari, the Trojan is seemingly trying to make money for its creators. The Trojan infects Macs in multiple ways – some of the most popular methods similar to those adopted by Windows based Trojans like promoting a user to install media player plug-in for the browser; download accelerator; video enhancing codec; etc.
Detected by Doctor Web, the Russian security firm, the Trojan has been named “Trojan.Yontoo.1” and according to the company it is part of a broader adware scheme for OS X systems. According to the analysis carried out by researchers over at the security firm, once launched the Trojan prompts gullible users to install “Free Twit Tube” or some other similar software as show below:
Similar to strategy adopted by Windows Trojans, rather than installing the actual program, the Trojan.Yontoo.1 installs adware plug-ins for all three commonly browsers for Mac – Safari, Firefox and Chrome. Once installed the plug-in starts transmitting information about the web pages loaded onto the browser to remote server which in turn will send a file back to the infected system which would inject code into web pages being currently viewed by users.
Below is the example of Apple.com page where ads have been injected.
