Jump to content
Login new information ×
Login new information

Google: Chinese Hackers Are Posing as McAfee Antivirus to Phish Victims

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

Google’s security team has spotted the suspected Chinese hacking group APT 31 emailing links designed to ultimately download malware to spy on victims' computers.

 

ncatz4h.jpg

 

Chinese state-sponsored hackers may be impersonating antivirus provider McAfee in order to trick high-profile targets into downloading malware.

 

The suspected Chinese hacking group, APT 31, has been resorting to the tactic, according to Google’s security team. Back in June, the company’s security researchers reported that APT 31 had been targeting Joe Biden’s Presidential campaign by sending phishing emails to his staff. The goal was to hijack their personal email accounts, but Google says the phishing attempts all appear to have failed.

 

On Friday, the company provided an update on APT 31’s activities. Google’s security team has spotted the hackers emailing links designed to ultimately download malware hosted over Github, the software development platform.

 

Specifically, the Window-based malware is built using the Python computing language. The hacker can then control the malicious code using the free cloud storage service Dropbox. 

 

“(The malware) would allow the attacker to upload and download files as well as execute arbitrary commands,” wrote Google security researcher Shane Huntley in the blog post. “Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection.”

 

ja8nhcL.png

(Credit: Google)

 

Huntley then went on to say one phishing technique from APT 31 involved posing as antivirus provider McAfee. “The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while malware was simultaneously silently installed to the system,” he said. 

 

Posing as McAfee is pretty devious given that the company is a well-known name in cybersecurity. But the tactic isn’t surprising either. State-sponsored hackers often pretend to be major internet and software providers in order to trick victims into opening their phishing emails.

 

Source

Link to comment
Share on other sites
  • Replies 2
  • Views 743
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...