Chinese hackers caught running massive malware campaign in guise of McAfee antivirus software: Google

October 19, 2020 2:57 PM

The hackers seem to be the same group that targeted the presidential campaign of former Vice President Joe Biden.

For instance, after its face-off with China, hackers based in that country have attempted over 40,000 attacks.

Google has unearthed a massive malware campaign allegedly run by hackers linked to the Chinese government. In a blog post, Google has shared the modus operandi of the campaign. As per Google, the hackers were running the campaign under the guise of McAfee antivirus software. The hackers seem to be the same group that targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year.

Apart from this, the company noted that a similar group of Iran-based hackers had tried to target President Trump’s campaign. Both of the attempts remained unsuccessful.

“The Iranian attacker group (APT35) and the Chinese attacker group (APT31) targeted campaign staffers’ personal emails with credential phishing emails and emails containing tracking links. As part of our wider tracking of APT31 activity, we’ve also seen them deploy targeted malware campaigns,” Google said.

The Chinese group that Google is referring to as APT 31 (short for Advanced Persistent Threat) used email links from which users would download malware. The malware, hosted on GitHub, further allowed the attackers to upload and download files along with command execution. As GitHub and Dropbox were used for such attacks, Google said it was difficult to track them. According to the head of Google’s Threat Analysis Group, Shane Huntley, the malicious attacks were hosted on legitimate services, which made it harder for defenders to focus on network signals for detection. “The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while malware was simultaneously silently installed to the system,” said Huntley.

Google said that when it detects that a user is the target of a government-backed attack, the company sends a prominent warning. Even in cases like these, the company shared the findings with the campaigns as well as the Federal Bureau of Investigation, Google claimed. Apart from this, Google has seen increased attention “on the threats posed by APTs” as the US election approaches. It said that government agencies in the US have also warned about different threat actors. Therefore, the company has worked closely with those agencies, along with others in the tech industry, in order to share any kind of leads and intelligence.
