A potentially unwanted program called Yontoo has shifted its focus and is seeking to infect Chrome browser users, according to a report by Malwarebytes. The adware, which alters Chrome users' browsers settings, previously targeted Firefox users.
In April, after researchers discovered vulnerabilities in popular, non-malicious Firefox extensions that allowed attackers to bypass security checks and gain elevated privilege to user information, Mozilla said it was changing how browser extensions would be implemented in Firefox. Yontoo's migration to Chrome appears to be a reaction to Firefox's decision to disable browser extensions.
“Firefox started disabling their browser Extensions as they could not be verified. So maybe we can chalk this one down as a victory for those guidelines,” wrote Malwarebytes security blogger Pieter Arntz. “Why they apparently have stopped targeting Internet Explorer is a mystery to us at this point in time. Maybe they are planning a similar move to target Edge with newer variants.”
Yontoo was initially discovered in 2013, when it targeted users and installed a plug-in for viewing movie trailers.