Have you begun noticing unexpected ads appearing on unlikely websites while browsing on your Mac? If so, it's possible you've been infected with Trojan.Yontoo.1, which has been identified by Russian anti-virus firm Doctor Web as a malware variant affecting OS X users. No infection numbers were provided and Doctor Web is currently the only company reporting the threat, indicating that it has been fairly limited thus far. Still, its existence shows how Mac users continue to be targeted by malware writers and how easy it is to trick some users into installing it.

Here's how Trojan.Yontoo.1 works. An installer is presented to users as a browser plugin—usually on specially crafted webpages claiming to show movie trailers—but may also present itself as a media player, download accelerator, or "a video quality enhancement program." The installer asks the user if he or she wants to install an app called Free Twit Tube; at that point, the installer downloads the trojan from the Internet, which installs a plugin for all available browsers, including Safari, Firefox, and Chrome.

From there, the Yontoo trojan monitors your Web browsing and, according to Doctor Web, transmits information about what pages you visit to a remote server. It then injects ads into those pages using third-party code, allowing the attackers to collect unauthorized ad views on nearly any website they please. And yes, that includes Apple's own website.

Schemes like this are nothing new to the Windows world (Symantec has a note about Yontoo on Windows) but they're becoming increasingly common for Mac users as well. On the upside, Yontoo doesn't appear to take advantage of any security holes in OS X; it relies entirely upon social engineering to get itself installed on a user's machine. But as we know from past experience, there are ways for malware to make its way onto the Mac without the aid of the user—Apple has already blacklisted older versions of the Java and Flash plugins due to security holes that put even the most conscientious users at risk.