March 21, 2013

New Mac OS X adware Trojan spreading via browser plugin

Russian anti-virus company Doctor Web reports that a new Mac OS X adware Trojan is spreading via crafted movie trailer pages that prompt users to install a browser plugin. Adware is any software package that automatically renders advertisements in order to generate revenue for its author.

The threat is dubbed 'Trojan.Yontoo.1', and attackers have provided a number of alternative ways to spread it. The Trojan can also be downloaded as a media player, a video quality enhancement program or a download accelerator.

When a victim visits the site, the dialogue shown only imitates the standard one; it is specially designed by the attackers to mislead a potential victim. After pressing «Install the plug-in», the victim is redirected to a site to download the malware.

When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube. After the user presses ‘Continue’, instead of the promised program, the Trojan downloads.

While a user surfs the web, the plugin transmits information about the loaded pages to a remote server. In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user. This is how an apple.com page is displayed on an infected machine.