Yontoo adware used to cash in on clicks targets Mac and Windows users

Share this article:

Mac and Windows users eager to watch film trailers online are actually lining the pockets of scammers who are spreading an adware trojan.

Russian anti-virus company Dr. Web on Tuesday detailed how fraudsters are loading a trojan known as "Yontoo" onto users' machines by tricking them into installing a plug-in to watch a movie trailer. The malware is then programmed to embed ads on sites visited by compromised users.

According to Doctor Web, criminals profit from the ads through pay-per-click programs run by online affiliate advertisers.

In addition to spurious add-ons, the trojan is also disguised as media player downloads and other software for enhancing video quality or shortening download times, Doctor Web found.

The Yontoo trojan installs itself on Safari, Chrome and Firefox browsers, popular among Mac users, and transmits data about user browsing sessions to a remote server. Yontoo then embeds code into visited sites, so the infected user sees ads.

The firm said the scam illustrates how “interest in users of Apple-compatible computers grows day by day,” among criminals.

Maxim Weinstein, executive director of StopBadware, a nonprofit that focuses on preventing mischievous web activity, like adware, told SCMagazine.com on Thursday that the pay-per-click model is a favorite among fraudsters.

“They could be making the money just from advertisement [clicks],” Weinstein said of Yontoo scammers. “But you certainly get nervous. If they are willing to use malware to get the ads on your computer, who knows what else they are willing to do for money.”

A representative from Dr. Web could not be reached for comment. 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.