To spread the Trojan, criminals crafted movie trailer pages that prompt users to install a browser plugin. In fact, the prompt only imitates a common dialogue displayed when a plugin needs to be installed or additional configuration is necessary. After clicking on ‘Install the plug-in’, the user is redirected to another site from which Trojan.Yontoo.1 is downloaded.
While an infected user surfs the web, the plugin then transmits information about the loaded pages to a remote server. In return, it receives a file that can embed third-party code into the webpages. For example, you can see ads injected into an Apple webpage in the screenshot below...
Dr. Web says that its software detects the trojan as Adware.plugin.
Read More [via MacRumors]