Apple has silently updated built-in malware definitions in OS X to block the Yontoo trojan
, says security firm Intego. In OS X's Xprotect file the trojan is identified as "OSX.AdPlugin.i." Following testing, Intego calls Apple's detection "very specific and potentially location-dependent," and "likely there so as to catch only the surreptitious installations of this file."
The malware comes disguised as a useful or necessary add-on, but in reality installs a plugin for Safari, Chrome, and Firefox that inserts ads into previously ad-free web content. At Apple.com, for instance, a visitor might suddenly see ads for discount iPads from a third-party vendor. The company's anti-malware system is built into Snow Leopard, Lion, and Mountain Lion.