Until just a few minutes ago, Softonic, a software download site, was delivering adware that would be installed regardless of whether the user had declined to install it. This threat was embedded in fake UnRarX and VLC installer packages.
These packages purported to install a toolbar that is related to ChatZum. Even if the user declined the offer to install the toolbar, the package would silently install an Internet plug-in called Zako, and would change the browser’s search option to point to ChatZum’s site.
It is important to note that valid UnRarX and VLC packages do not try to surreptitiously install adware. The fake package is signed with a certificate that does not pertain to either software company.
Shady adware installers are becoming increasingly common. When you install applications from app stores and download sites, be sure to check reviews to make sure that other users have tried the package and that it behaves as expected.
Intego VirusBarrier users with up-to-date virus definitions will detect the components of this threat as OSX/Okaz.A. The fake installer and its related files are reported as Trojan, and the other components are reported as adware.