Following last week's discovery of the Yontoo Trojan horse that's been targeting Mac users, Apple has updated its malware and adware detections list in order to block Yontoo.

As noted by Intego, Apple updated the XProtect.plist definitions file on Friday to give Mac OS X the ability to detect Yontoo, which tries to trick Mac users into installing it by prompting users to install a browser plug-in when they visit a compromised or malicious webpage.

Apple's XProtect anti-malware system will now warn users about Yontoo if they try to install the software onto their Mac. Intego says that the detection is "very specific and potentially location-dependent."

"This extra specificity is likely there so as to catch only the surreptitious installations of this file," Intego explains.


Yontoo was initially discovered by a Russian anti-virus and security company last week. Unknowing web surfers who attempt to view video trailers are told that a necessary plug-in is missing, and that they need to install it. Once installed, the Yontoo plug-in can insert ads and other content onto web pages you surf via Safari, Chrome or Firefox. Clicking or viewing these ads can generate ad affiliate network profits for the Trojan's creators.

See also:

Mac malware: New Gatekeeper bypassing Mac OS X virus discovered

Apple releases Java update and malware removal tool following cyber attack

The Android malware problem is not hyped, researchers say

Apple's Phil Schiller makes dig at Android security on Twitter: 'Be safe out there'