Apple blocks Yontoo Mac OS X malware in XProtect.plist update

Ashleigh Allsopp | March 27, 2013
The adware Trojan, which targets Mac OS X browsers, tries to trick users into installing it

Following last week's discovery of the Yontoo Trojan horse that has been targeting Mac users, Apple has updated its malware and adware detection list to block Yontoo.

As noted by Intego, Apple updated the XProtect.plist definitions file on Friday to give Mac OS X the ability to detect Yontoo, which tries to trick Mac users into installing it by prompting them to install a browser plug-in when they visit a compromised or malicious webpage.

Apple's XProtect anti-malware system will now warn users about Yontoo if they try to install the software onto their Mac. Intego says that the detection is "very specific and potentially location-dependent."

"This extra specificity is likely there so as to catch only the surreptitious installations of this file," Intego explains.

Yontoo was initially discovered by a Russian anti-virus and security company last week. Unsuspecting web surfers who attempt to view video trailers are told that a necessary plug-in is missing and that they need to install it. Once installed, the Yontoo plug-in can insert ads and other content into the web pages you visit in Safari, Chrome or Firefox. Clicking or viewing these ads can generate ad affiliate network profits for the Trojan's creators.

