A new Trojan lures users to install an internet plug-in that tracks browsing and presents ads. Here’s a way to remove it.
Security company Dr. web is reporting on a brand new adware Trojan attack that’s targeting macintosh users, where malicious websites can trick users into installing a plugin which will track your browsing and show ads to you.
The malware, known as “Yontoo,” are going to be 1st encountered as a media player, download manager, or different plug-in requirement for viewing contents on some maliciously crafted websites disguised as sources for file sharing and movie trailers. once the plug-in prompt is clicked, you are redirected to a website that downloads the Trojan installer and needs you to run it. The installer is for a fake program referred to as “Twit Tube,” that once installed can place an internet plug-in or extension known as “Yontoo” which will run in common browsers like safari, Chrome, and Firefox.
When the malware is running, affected systems are going to be actively tracked for browsing behaviors, and legitimate websites are going to be hijacked with ad banners and alternative content that makes an attempt to lure you into clicking it.
The malware seems to be an ad-revenue try by the criminals behind it, however if you’ve recently installed a suspicious plug-in on your system and are seeing bizarre deal links showing on frequented websites, then check your installed plug-ins for any trace of this malware. you’ll be able to try this in safari and Chrome by reaching to the “Extensions” preferences to see if one called Yontoo is present there, however you’ll be able to additionally choose the “Installed Plug-Ins” option in Safari’s help menu to look at information on your plug-ins. For Chrome, copy and paste the URL “chrome://plugins/” into your browser’s address field to urge to its plug-in settings. In Firefox you’ll be able to select “Add-Ons” from the Tools menu to see for extensions and plug-ins.
If you discover a trace of the Yontoo plug-in on your system, then though you’ll be able to disable it in each browser, a more-thorough possibility is to go to the Macintosh HD > Library > internet Plug-Ins folder and take away the plug-in manually. in addition, you should check the plug-in folder for your home directory, which may be accessed by selecting Library from the Go menu within the Finder (hold the option key to reveal the library during this menu if it’s missing), and so find the internet Plug-Ins folder in here. once the plug-in is removed, quit and relaunch your browsers.
Since internet plug-ins are one technique for malware developers to focus on a system, one factor you’ll be able to do to assist keep off attacks is to get a list of your internet plug-ins folders therefore you recognize precisely what’s in them, then be able to better investigate any new things placed there. Another similar approach is to set up a observation service in OS X which will inform you whenever new things are placed within the web Plugins folders on your system. I recently outlined a way for doing this to monitor Launch Agent folders on a macintosh, and you’ll be able to equally apply this technique to the subsequent 2 directory paths additionally to the Launch Agent paths made public within the article:
Macintosh HD > Library > net Plug-Ins
Macintosh HD > Users > username > Library > net Plug-Ins