While hacking Apple gear is fairly straightforward, once you managed it, all you had access to was the user’s Coldplay collection. Now it seems that the malware writers have finally found a way to make hacking Apple toys a viable proposition by installing adverts in their browsers.
The latest flavour, Trojan.Yontoo.1, is the most prominent and can download and install an adware browser plugin on an infected system.
The idea is that the criminals profit from affiliate ad network programs, and their interest in users of Apple-compatible toys is growing thanks to a large user base.
Recently discovered, Trojan.Yontoo.1 serves as a pretty striking example of such software.
The trojan gets onto a Mac when the user visits a movie trailer page which asks them to install a browser plugin. Apparently Apple fans fall for this every time.
The prompt imitates a common dialogue displayed when a plugin needs to be installed or additional configuration is necessary. After clicking on ‘Install the plug-in’, the user is redirected to another site from which Trojan.Yontoo.1 is downloaded.
The trojan can also be downloaded as a media player, a video quality enhancement program or a download accelerator.
We would have thought they would get enough clues. When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install a “Free Twit Tube”. We guess that American Apple users do not know what a twit is.
Dr Web detects the browser extensions as Adware.Plugin, but since most Apple users still think that malware is only for Windows users and that their toys are unhackable, many don’t actually own the software.