A Trojan for OS X that can download and install plug-ins for Safari, Chrome, and Firefox. These extensions serve the purpose of displaying advertisements to users as they browse webpages.
The Trojan's binary file has the name Custom Installer. Once launched, it downloads another application called Yontoo Installer Silent that contains the following extensions:
- Yontoo.safariextz
- YontooFFClient.xpi
- YontooLayers.crx
Then script files from the following affiliate programs are downloaded:
- www.bottombarbrain2.com,
- vpntease.com,
- trafficvance.com,
- amit.com,
- lgit.com,
- www.superfish.com,
- www.dropdowndeals.com,
- www.ireview.com,
- noproblemppc.com,
- www.toprelatedtopics.com,
- chango.com,
- lotame.com,
- easyinline.com,
- msfsob.com,
- mythingsmedia.net,
- www.yontoo.com,
- getsuperweb.com.