New OS X Trojan Adware Injects Ads Into Chrome, Firefox, Safari
An anonymous reader writes "A new trojan specifically for Macs has been discovered that installs an adware plugin. The malware attempts to monetize its attack by injecting ads into Chrome, Firefox, and Safari (the most popular browsers on Apple's desktop platform) in the hopes that users will generate money for its creators by viewing (and maybe even clicking) them. The threat, detected as "Trojan.Yontoo.1" by Russian security firm Doctor Web, is part of a wider scheme of adware for OS X that has "been increasing in number since the beginning of 2013," according to the company."
Can someone explain to me why advertisers would want to pay for bogus clicks? How does this money get laundered to hide the trojan creator and also defraud the advertiser?
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
Basically, this requires you to download and execute an installer, then click through it (including entering the administrator password). At that point, you could have installed something far worse than adware.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
THIS!
The user is a flaw every OS has.
Yontoo Layers is a "legitimate" advertising program that just barely complies with US laws. I find it on at least 1 in 3 customer computers at my shop. It has a legit uninstaller and asks for permission to install by piggybacking on freeware and installer framers like download.com's new atrocity. So to call it a trojan is just asking for another Symantec-style lawsuit for defamation, etc. You have to call it "possibly unpopular software" now. And if this is coincidentally another Yontoo unrelated to the actual company, that's a whole new depth of deep shit they're in for naming it that. That'd be right up there with naming it Pepsi.
At that point, you could have installed something far worse than adware
Like RealPlayer
You and the summary left out the best part: the installer's name is "Free Twit Tube." Almost as bad as a girl on a dating site agreeing to go out with someone with the username "DonkeyPunchLover."
Not at all.
"Blame the buggy OS" is when you get a nice drive-by install or virus. Adware that requires a user to install is always the user's fault.
Can someone explain to me why Yontoo is detected on the Mac platform but on Windows it's totally OK?
While we're at it, why are any of these still not detected by any malware scanner? Even as a Potentially Unwanted Program? I'm sure just about anything listed here does a lot more malicious stuff than anything spyware like Gator ever did.
Anything from Conduit
Anything from Mindspark Interactive
myfuncards
arcadecandy
arcadeweb
funweb
freeze.com
pricegong
getsavin
coupon wonderland
fantistigames
big fish games
quiklinkx
defaulttab
mywebsearch
we care ASCPA Reminder (my personal favorite. When you uninstall it, it basically accuses you of wanting to kill puppies.)
shop to win
inbox toolbar
anything from Crawler
24x7 help
blekko
dealply
etc.
Most of the above either pop up ads, install, or trick users into installing more junk like registry scanners, fake Flash players and the like. Yet almost no scanner I've found short of JRT or AdwCleaner gets rid of these things.
It's about time these AV companies wake the heck up and realize that spyware is back, disguising itself as adware, and is more prevalent than ever.
In Soviet Russia, Trojan exploits YOU!
Unlike in Windows, where you simply have to view an advert in Internet Explorer and your system is infected...
IE itself is exploited no more than 10% of the time to infect a Windows computer. Windows gets drive-by infections these days from exploits in Java, Acrobat, and Flash, which are not unique to Windows. There's no reason for attackers to focus on a single browser any more when they can instead target a plugin like Java that works across all browsers.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black