Hackers pose as McAfee staff to trick users into installing malware, Google says

Chinese government-backed hackers posed as authentic service providers such as McAfee and GitHub to trick users into installing malware on their devices.

Updated - October 19, 2020 02:34 pm IST

Published - October 19, 2020 02:27 pm IST

These attacker groups targeted campaign staffers’ personal emails with credential phishing attacks and emails containing tracking links.



Chinese government-backed hackers impersonated staff of the security provider McAfee to trick users into installing malware on their devices, a Google blog post stated.

The hackers would prompt targets to install a legitimate version of McAfee anti-virus software from GitHub, while malware was surreptitiously installed onto the system at the same time.

Google’s Threat Analysis Group, which works to thwart cyberattacks, identified the activity and sent the targeted users a prominent warning.

The findings were shared with the Federal Bureau of Investigation (FBI), Google said.

The threats come ahead of the U.S. elections, with the number of incidents rising over recent months. Google sent 10,316 warnings about ‘government-backed attacks’ in the July to September quarter of 2020, it said.

In June, Google said it spotted phishing attacks against personal email accounts of staffers on the Biden and Trump campaigns by Chinese and Iranian Advanced Persistent Threats (APT).


Another Chinese malware campaign was based on emailing links that would ultimately download malware hosted on GitHub. The malware was a Python-based implant using file sharing service Dropbox for command and control. It would allow the attacker to upload and download files as well as execute arbitrary commands.

Every malicious piece of the attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection, Google stated.
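The point Google makes above is that domain reputation alone is of little use when staging and command-and-control both sit on services such as GitHub and Dropbox that the organisation legitimately uses. A defender can instead look at who is talking to those services and how: which process originates the traffic, and whether the connections are spaced at machine-regular intervals (beaconing). The following is an added illustrative example, not code from Google’s post or from the article; the proxy log format, the watched domain list, the process allowlist and the thresholds are all assumptions made for the example, and the log lines are constructed.

```python
"""Flag beacon-like traffic to legitimate file-sharing / code-hosting domains.

Added example. Log format, domain list, process allowlist and thresholds are
assumptions, not taken from Google's report or the article.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Legitimate services the article says were abused for staging and C2.
# Which exact hostnames to watch is an assumption for this example.
WATCHED_DOMAINS = {
    "api.dropboxapi.com",
    "content.dropboxapi.com",
    "raw.githubusercontent.com",
}

# Processes from which ordinary user traffic to these services is expected
# (assumption; a real deployment would derive this from its own baseline).
EXPECTED_PROCESSES = {"Dropbox.exe", "chrome.exe", "firefox.exe", "git.exe"}

# Constructed sample proxy log: timestamp, user, process, destination host, bytes out.
# "alice" shows a python.exe process polling Dropbox every ~5 minutes;
# "bob" shows normal, irregular Dropbox/GitHub use from expected processes.
SAMPLE_LOG = """\
2020-10-05T09:00:00 alice python.exe api.dropboxapi.com 412
2020-10-05T09:00:02 alice chrome.exe www.example.com 1802
2020-10-05T09:05:00 alice python.exe api.dropboxapi.com 409
2020-10-05T09:10:01 alice python.exe api.dropboxapi.com 415
2020-10-05T09:15:00 alice python.exe api.dropboxapi.com 410
2020-10-05T09:20:00 alice python.exe api.dropboxapi.com 408
2020-10-05T10:12:33 bob Dropbox.exe content.dropboxapi.com 90211
2020-10-05T11:48:10 bob Dropbox.exe content.dropboxapi.com 1293
2020-10-05T14:03:55 bob chrome.exe raw.githubusercontent.com 23001
"""


def parse_log(text):
    """Parse whitespace-separated proxy log lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, proc, host, nbytes = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "process": proc,
            "host": host,
            "bytes": int(nbytes),
        })
    return records


def beacon_score(timestamps):
    """Return (count, mean_interval_seconds, jitter_ratio) for sorted timestamps.

    jitter_ratio is the population std-dev of the inter-connection gaps divided
    by their mean; a value near 0 means machine-regular spacing.
    """
    if len(timestamps) < 3:
        return (len(timestamps), 0.0, 1.0)
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    m = mean(gaps)
    jitter = pstdev(gaps) / m if m else 1.0
    return (len(timestamps), m, jitter)


def find_suspicious(records, min_hits=4, max_jitter=0.2):
    """Group watched-domain traffic by (user, process, host) and flag anomalies.

    Two independent signals are combined: an unexpected originating process, and
    periodic (low-jitter) connection timing with at least min_hits connections.
    """
    groups = defaultdict(list)
    for r in records:
        if r["host"] in WATCHED_DOMAINS:
            groups[(r["user"], r["process"], r["host"])].append(r["ts"])

    alerts = []
    for (user, proc, host), ts in groups.items():
        ts.sort()
        count, interval, jitter = beacon_score(ts)
        reasons = []
        if proc not in EXPECTED_PROCESSES:
            reasons.append(f"unexpected process {proc}")
        if count >= min_hits and jitter <= max_jitter:
            reasons.append(f"periodic: {count} hits every ~{interval:.0f}s (jitter {jitter:.2f})")
        if reasons:
            alerts.append({"user": user, "process": proc, "host": host, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(parse_log(SAMPLE_LOG)):
        print(f"{alert['user']} {alert['process']} -> {alert['host']}: " + "; ".join(alert["reasons"]))
```

Run against the constructed log, only the python.exe polling of the Dropbox API is reported, on both counts (unexpected process and ~300-second periodicity), while the irregular Dropbox and GitHub traffic from the desktop client and browser passes. The two signals are deliberately kept separate so that an analyst can tune each threshold against the organisation’s own baseline rather than against the destination’s reputation.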


Earlier in September, Microsoft also noted the increase in cyberattacks targeting people and organisations involved in the U.S. Presidential elections.

The Russian hacking group Strontium attacked more than 200 organisations, including political campaigns, advocacy groups, parties and political consultants, Microsoft stated.

Other cyber espionage groups like Zirconium and Phosphorus, operating from China and Iran respectively, attacked high-profile users associated with the election.
