Just yesterday the news was made public that it has been found a new trojan you're doing your thing on Mac systems, it's about "Trojan.Yontoo.1". According to the Russian antivirus company «Dr. Web", the same as discovered the famous Flashback Trojan, the malware installs as a browser plug-in, leading us to believe that it is a necessary element to play videos, movie trailers and other multimedia content.
The role of this Trojan camouflaged as a media player or download manager, is to randomly generate ad banners on different websites, thereby obtaining income that goes directly to the author's pocket, that is, the advertising banners are not expressly inserted by the website, but rather the Trojan itself is responsible for generating advertising in the browser as if it were something "legitimate" without suspecting anything.
When the plug-in is installed, it automatically directs us to another page to download a fake program called "twit tube" that has no purpose other than to give the user the feeling that they have downloaded what is necessary to view previously restricted content. Simply what is achieved is that the plug-in is installed in the browser without further ado, being available for Safari, Chrome and Firefox.
It is not excessively dangerous since it seems that it does not attack the integrity of the data contained in the system but it does steal information to generate publicity. The Dr. Web company has already come forward with a statement regarding this matter.
Criminals profit from ad network affiliate programs, and their interest in Apple computer users grows by the day. The recently discovered Trojan.Yontoo.1 can serve as a notable example of such software
For check that it is not installed in Safari, nor active at that time with the name of Yontoo, we must go to the menu "Help" in the top bar and access "Installed modules". In Chrome it can be seen by typing "chrome: // plugins /" directly into the address bar, and finally from Firefox looking for the "Add-ons" option from the tools menu.
To eliminate it completely and leave doubts just in case, we better do it in the bud. For that we must go to the following routes:
- Macintosh HD> Library> Internet Plug-Ins
- Macintosh HD> Users> "your username"> Internet Plug-Ins
If we see it in any of the folders shown in these two routes, we will delete it and restart the browser again. Although my personal advice is that it never hurts to spend some reliable cleaning program like Cleanmymac or similar, in order to finish fine-tuning the job.
More information - Apple updates Leopard to plug the Flashback hole
Source - Cnet