Google said in a new blog post that hackers linked to the Chinese government have been impersonating antivirus software McAfee to try to infect victims’ machines with malware. And, Google says, the hackers appear to be the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of hackers based in Iran had tried to target President Trump’s campaign, but also was unsuccessful.
The group, which Google refers to as APT 31 (short for Advanced Persistent Threat), would email links to users that would download malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. Because the group used services like GitHub and Dropbox to carry out the attacks, it was harder to track them.
“Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,” the head of Google’s Threat Analysis Group Shane Huntley wrote in the blog post.
In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub, while at the same time malware was installed without the user being aware. Huntley noted that whenever Google detects that a user has been the victim of a government-backed attack, it sends them a warning.
The blog post doesn’t mention who was affected by APT-31’s latest attacks, but said there had been “increased attention on the threats posed by APTs in the context of the U.S. election.” Google shared its findings with the FBI.