New Yantoo Mac Trojan Uses Browser Plugin to Inject Ads into Websites

Researchers from security firm Doctor Web have uncovered a new Mac Trojan that’s designed to inject advertisements into the websites visited by the user, allowing cybercriminals to make a profit via affiliated ad network programs.

The malware, dubbed Trojan.Yahtoo.1, is distributed on bogus movie trailer pages, or it’s disguised as various applications such as media players, download accelerators, and video quality enhancement programs.

First, potential victims are asked to install an HD Video Player browser plugin. If they accept, they’re presented with an installer for an app called Free Twit Tube.

When the “Continue” button is pressed, the Trojan downloads and installs a plugin called Yontoo. The malicious plugin works on Safari, Firefox and Chrome.

Once it’s installed, the adware plugin monitors the websites visited by the users and injects third-party code into them.

Interestingly, the attack even works against the official Apple website.