OSX/Adware.Yontoo [Threat Name] go to Threat
OSX/Adware.Yontoo.A [Threat Variant Name]
|Detection created||Feb 27, 2013|
|Signature database version||8057|
OSX/Adware.Yontoo.A is a adware used for delivery of unsolicited advertisements.
The adware is a malicious Mozilla Firefox, Google Chrome, Safari extension/plugin.
The adware contains a URL address.
It tries to download a file from the address.
The file is stored in the following location:
The adware installs additional files into the folders belonging to the following applications:
The adware creates the following files:
- /Users/%username%/Library/Application Support/FireFox/Profilesfirstname.lastname@example.org
- /Users/%username%/Library/Application Support/Google/Chrome/YontooLayers.crx
- /Users/%username%/Library/Application Support/Google/Chrome/External Extensions/niapdbllcanepiiimjjndipklodoedlc.json
The following files are modified:
- /Users/%username%/Library/Application Support/FireFox/Profiles/%profilname%/user.js
OSX/Adware.Yontoo.A is an adware - an application designed for delivery of unsolicited advertisements.