Trojan.osx.yontoo.a
Apple has recently dropped a XProtect.plist definition update to protect users against a newly discovered Yontoo Trojan, which has had Mac users in a scare of the malware generating an abundance of annoying adware on their system. Was recently discovered by a Russian antivirus and security company just last week. Before and during the discovery, unfortunate Mac users surfing the web took notice to their systems prompting them to download and install a necessary plug-in claimed to be missing to view video trailers. Those who continued to install the so-called plug-in, were hit with the nasty Yontoo Trojan in full force, which inserts ads and other content onto web pages sometimes making it difficult to utilize their computer in a normal fashion. Yontoo Trojan, so far, has plagued Mac OS X systems in an effort to display preposterous pop-ups and ads within Safari, Firefox and Google Chrome web browser applications. After Apple received word of the peculiar Yontoo Trojan attack, they quickly rolled out an update to the XProtect.plist definitions file. Apple’s XProtect is an antimalware system that warns users about threats like Yontoo if they attempt to install the malicious software on their computer.
Through Apple’s XProtect, which uses a very specific and potentially location-dependent detection, the antimalware system can primarily catch the surreptitious installations of a malware threat’s file(s). Essentially, this will allow XProtect to undermine and virtually put an end to sneaky malware threats that attempt to infect a system through unconventional methods.
Passed off as a browser plugin, as Yontoo Trojan and its originating FreeTwitTube installation that it may hide under claim to be, could very well lead to the execution of malicious remote code instructing the system to carry out unwanted actions. Yontoo Trojan, linked to hackers who look to earn a pay day through the generation of affiliate network ads and traffic, may utilize these drive-by-download techniques to easily victimize computer users. You can think of it as using an older malware-attack technique but on a platform (Macs) that was never attacked as much as Windows-based PCs.
With malware like the Yontoo Trojan could be the forefront of a new dawn of malware attacks. Over the course of the past few years, Apple Mac computers have become a sharper target for cybercrooks. The underlying fact that among computer users is a relevant attribute as to why we have seen a steady incline in the number of in on the open seas of the Internet.
Hallo pengguna Mac,extra waspada ya saat meng-klik tayangan trailer film karena Mac users need to stay alert when clicking around for movie karena malware yang diadaptasi dari Windows kini juga menargetkan Apple OS X, menipu pengguna untuk mendownload codec baru untuk menonton trailer film. Jika Anda mengklik Play pada situs web yang terinfeksi, maka akan muncul tampilan seperti ini: User yang sangat ingin menyaksikan video, prtama akan dapat pemberitahuan codec HD pada komputer tidak ditemukan sehingga perlu install ulang codec. Kamudian user akan diminta “click” pada icon “Install HD video codec.” JANGAN LAKUKAN INI, JANGAN KLIK! Sebab jika Anda klik maka akan muncul tampilan berikut: Windows bukan OS X, memang benar. Tetapi faktanya, OS X juga bisa kena virus. Jargon itulah yang mendorong banyak orang mengklik Download link atau klik tombol “Install codec pack”.
Akhirnya Web plug-in yang diidetifikasi oleh ESET sebagai “Yontoo” akan langsung terinstalldan berjalan dibeberapa OS Mac yang populer seperti Safari, Chrome, dan Firefox. Laporan infeksi mengindikasikan modus infeksi adalah dengan mengelabui user, dan muncul sebagai media player palsu. Tetapi jika Anda menggunakan ESET, tentu saja tidak perlu khawatir karena Mac Anda akan tetap terlindungi, Karena proses infeksi akan terhadang. Di OS Windows, juga berhasil di block, dan diidentifikasi oleh ESET sebagai OSX/Adware.Yontoo dan Win32/Adware.Yontoo) Anda khawatir Mac Anda terinfeksi, Anda bisa melakukan checking pada plug-ins browser’. Contoh, checking pada plug in browser di Safari: Laporan yang dilansir CNET menyatakan bahwa Apple kini sudah merelease update XProtect untuk menghalau malware Yontoo ini (oleh XProtect, malware Yontoo dikena sebagai “OSX.AdPlugin.i”).
Trojan Osx Yontoo Adware
Modus teknik infeksi dan rencana kejahatan internet yang sebelumnya ditemukan dan berhasil menginfeksi pengguna Windows kini mentarget pengguna Mac. Apalagi kalau bukan motivasi ekonomi. Semua pengembangan malware umumnya didorong oleh perbandingan risiko dan keuntungan.Pendeknya ada keuntungan berupa uang dengan resiko tertangkap yang rendah. How to remove 'Yontoo' adware Trojan from your OS X system A new Trojan lures users to install a Web plug-in that tracks browsing and presents ads.
Here's how to remove it. By Topher Kessler March 21, 2013 10:02 AM PDT Security company Dr. Web is reporting on a new adware Trojan attack that is targeting Mac users, where malicious Web sites will trick users into installing a plugin that will track your browsing and display ads to you. The malware, called 'Yontoo,' will be first encountered as a media player, download manager, or other plug-in requirement for viewing contents on some maliciously crafted Web sites disguised as sources for file sharing and movie trailers. When the plug-in prompt is clicked, you're redirected to a site that downloads the Trojan installer and requires you to run it.
Trojan Osx Yontoo Api
The installer is for a fake program called 'Twit Tube,' that when installed will place a Web plug-in or extension called 'Yontoo' that will run in popular browsers like Safari, Chrome, and Firefox. When the malware is running, affected systems will be actively tracked for browsing behaviors, and legitimate Web sites will be hijacked with ad banners and other content that attempts to lure you into clicking it. This menu option in Safari will show you the installed plug-ins, which you can review for the presence of Yontoo or any other unwanted plug-ins. (Credit: Screenshot by Topher Kessler/CNET) The malware appears to be an ad-revenue attempt by the criminals behind it, but if you have recently installed a suspicious plug-in on your system and are seeing bizarre deal links appearing on frequented Web sites, then check your installed plug-ins for any trace of this malware.
You can do this in Safari and Chrome by going to the 'Extensions' preferences to see if one called Yontoo is present there, but you can also select the 'Installed Plug-Ins' option in Safari's Help menu to view information on your plug-ins. For Chrome, copy and paste the URL 'chrome://plugins/' into your browser's address field to get to its plug-in settings. In Firefox you can choose 'Add-Ons' from the Tools menu to check for extensions and plug-ins.
If you find a trace of the Yontoo plug-in on your system, then although you can disable it in each Web browser, a more-thorough option is to go to the Macintosh HD Library Internet Plug-Ins folder and remove the plug-in manually. Additionally, you should check the plug-in folder for your home directory, which can be accessed by choosing Library from the Go menu in the Finder (hold the Option key to reveal the library in this menu if it is missing), and then locate the Internet Plug-Ins folder in here. When the plug-in is removed, quit and relaunch your browsers.
Since Web plug-ins are one method for malware developers to target a system, one thing you can do to help ward off attacks is to get an inventory of your Web plug-ins folders so you know exactly what is in them, and then be able to better investigate any new items placed there. Another similar approach is to set up a monitoring service in OS X that will inform you whenever new items are placed in the Internet Plugins folders on your system.
I recently outlined a method for doing this to monitor Launch Agent folders on a Mac, and you can similarly apply this method to the following two directory paths in addition to the Launch Agent paths outlined in the article: Macintosh HD Library Internet Plug-Ins Macintosh HD Users username Library Internet Plug-Ins.