A report from Dr. Web, a Russian anti-virus company,warns Mac OS X users about a new threat called Trojan.Yontoo.1.
This Trojan gets downloaded mainly from a prompt that asks users to install a browser plug-in, this prompt imitates a common dialogue for when additional configuration is necessary to watch movies online!
Instead of downloading a media plug-in, the Trojan is downloaded. Trojan.Yontoo.1 then prompts to install an extension called Twit Tube.
This is installed as an extension for Safari, Firefox and Chrome.
This then tracks the users browsing habits but also delivers adverts on all the websites that you visit. Even Apples own site!
To avoid this type of Trojan it is wise to only install plugins and extensions that you are sure of, if you are not sure just Google and if it is a known problem stay well clear. However if your device is infected follow these easy steps to banish it-
In Firefox choose ‘Add-ons’ from the Tools menu, look for an entry called ‘Yontoo’ and click Remove.
In Chrome & Safari go to Preferences and choose ‘Extensions’ and click Uninstall (In Safari you can also see any add-ons in the Help menu-Installed Plug-ins)
Once you see any sign of Yontoo on your device though I would recommend removing the plug-in more thoroughly!
Go to the Macintosh HD-Library-Internet Plug-Ins folder and remove all traces.
Once all traces are removed quit and relaunch your chosen browser.
Apple has updated its “Xprotect” anti-malware system to recognize Yontoo and warn users who attempt to install it on their machines.
Apple has decided the Yontoo Adware has fallen too far on the side of undesirable behavior, as they have released an update to the XProtect.plist definitions file to provide Mac OS X with basic detection for the Yontoo adware as OSX.AdPlugin.i. In testing, it appears this detection is very specific and potentially location-dependent. This extra specificity is likely there so as to catch only the surreptitious installations of this file.