The particulars change, but the general rule doesn't: Don't install software you're not certain you can trust. A new Trojan horse targeting Mac users tries to trick you into installing it by prompting you to install a browser plug-in when you visit a compromised or malicious webpage.
Dr.Web, a Russian anti-virus and security company, dubs the malware Trojan.Yontoo.1. Unknowing Web surfers who attempt to view video trailers are told that a necessary plug-in is missing. If you click to get the plug-in, an installer for something called FreeTwitTube appears.
But rather than installing FreeTwitTube, the software instead installs a Yontoo plug-in for Safari, Chrome, and Firefox. The plug-in inserts ads and other content onto other webpages as you surf. The real risk with browser extension-based malware is that such extensions can easily access and execute remote code--and monitor the URLs you visit, along with the content of those pages. It doesn't appear that Yontoo does that... yet.
You can check if you're a Yontoo victim by reviewing your browser's installed plug-ins. Deleting the extension should be enough to rid your Mac of the malware.
Sign up for CIO Asia eNewsletters.