Chinese hackers pose as McAfee Antivirus to phish victims

Chinese state-sponsored hacking group, APT 31 are impersonating as antivirus provider McAfee in order to trick high-profile targets into downloading malware, according to Google security team.

Back in June, Google security researchers reported that APT 31 had been targeting Joe Biden’s Presidential campaign by sending phishing emails to his staff. The goal was to hijack their personal email accounts, but Google said that those phishing attempts had however failed.

Google’s security team had spotted the hackers emailing links designed to ultimately download malware hosted over Github, the software development platform. Precisely, the Window-based malware was built using the Python computing language. The hacker could then control the malicious code using the free cloud storage service Dropbox.

Another phishing technique from APT 31 involved posing as antivirus provider McAfee. Posing as McAfee was unpredictable, given that the company is a well-known name in cybersecurity. But the tactic was not surprising either. State-sponsored hackers often pretend to be major internet and software providers in order to trick victims into opening their phishing emails. However, Google has some anti-phishing safeguards in place to filter out the malicious attacks. In the event the company detects a state-sponsored hacking group targeting a user, it will also send a warning about the phishing attempt and explain that a foreign government may be behind it.

Google security researcher Shane Huntley in the blog post said "(The malware) would allow the attacker to upload and download files as well as execute arbitrary commands. Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection.”

Source - PC Magazine