Phishers Pose as McAfee - ThreatWire
Added 2020-10-20 16:59:48 +0000 UTC. By Shannon Morse, ThreatWire
According to reports by Google’s security team, APT31, the Chinese hacking group that has been mentioned on ThreatWire many times over the past decade for its state-sponsored attacks, is now targeting victims by posing as McAfee antivirus in phishing emails, in an attempt to get unsuspecting targets to download malware onto their machines.
Google’s Threat Analysis Group updated its report from earlier this year, which said APT31 was attacking the former vice president’s campaign staff with these emails; the group has now shifted to this new tactic because the earlier phishing attempts failed. The hacking group has repeatedly tried to get victims to download Python-based malware that is hosted on GitHub and controlled through a Dropbox storage account. Because the campaign relies on popular, legitimate hosting services, its traffic blends in with normal use and is harder to detect. If successful, the malware would allow the attackers to steal files and execute arbitrary commands on the victim’s machine.
APT31 used a legitimate copy of McAfee as cover, installing the real antivirus while the malware was dropped alongside it. Google has reported these findings to the FBI for further investigation.
https://www.theverge.com/2020/10/17/21520799/google-chinese-hackers-biden-campaign-mcafee-malware
https://www.cyberscoop.com/biden-chinese-hacking-google-security-russia/
https://blog.google/threat-analysis-group/how-were-tackling-evolving-online-threats