Channel: McAfee Labs | McAfee Blogs
Browsing latest articles
Browse All 745 View Live

McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware

Executive Summary: Cuba ransomware is an older ransomware that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact and revenue, much...

BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain

Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google Play, ironically posing as app security scanners. These...

McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges

The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: April 2021. In this edition, we present new findings in our traditional threat statistical categories – as well...

Clever Billing Fraud Applications on Google Play: Etinu

A new wave of fraudulent apps has made its way to the Google Play store, targeting Android users in Southwest Asia and the Arabian Peninsula as well—to the tune of more than 700,000 downloads before...

Access Token Theft and Manipulation Attacks – A Door to Local Privilege...

Executive Summary Many malware attacks designed to inflict damage on a network are armed with lateral movement capabilities. Post initial infection, such malware would usually need to perform a higher...

How to Stop the Popups

McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others.  A significant portion is attributed to browser-based push...

Steps to Discover Hidden Threat from Phishing Email

Introduction: Email is one of the primary ways of communication in the modern world. We use email to receive notifications about our online shopping, financial transactions, credit card e-statements,...

Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware

The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users since 2018. In the second half of 2020, the campaign...

“Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards

Preface Countries all over the world are racing to achieve so-called herd immunity against COVID-19 by vaccinating their populations. From the initial lockdown to the cancellation of events and the...

Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit

Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server which can be run standalone or in conjunction with IIS...

DarkSide Ransomware Victims Sold Short

Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the recent gas pipeline shutdown. Many of the excellent technical write-ups will detail...

Scammers Impersonating Windows Defender to Push Malicious Windows Apps

Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts Recent campaigns pose as a Windows Defender Update Victims end up allowing the installation...

Are Virtual Machines the New Gold for Cyber Criminals?

Introduction: Virtualization technology has been an IT cornerstone for organizations for years now. It revolutionized the way organizations can scale up IT systems in a heartbeat, allowing them to be...

A New Program for Your Peloton – Whether You Like It or Not

Executive Summary  The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and...

McAfee Labs Report Highlights Ransomware Threats

The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: June 2021. In this edition we introduce additional context into the biggest stories dominating the year thus far...

Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+

Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video displays as well as printers. Windows...

Fuzzing ImageMagick and Digging Deeper into CVE-2020-27829

Introduction: ImageMagick is hugely popular open source software that is used in a lot of systems around the world. It is available for the Windows, Linux, MacOS platforms as well as Android and iOS....

New Ryuk Ransomware Sample Targets Webservers

Executive Summary Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the keys used for encryption. Ryuk is used exclusively in targeted...

Zloader With a New Infection Technique

This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means for malware infection has been a dominant part...

Hancitor Making Use of Cookies to Prevent URL Scraping

This blog was written by Vallabh Chole & Oliver Devane Over the years, the cybersecurity industry has seen many threats get taken down, such as the Emotet takedown in January 2021. It doesn’t...

REvil Ransomware Uses DLL Sideloading

This blog was written by Varadharajan Krishnasamy, Karthickkumar, Sakshi Jaiswal. Introduction: Ransomware attacks are one of the most common cyber-attacks among organizations; due to an increase in...

An Overall Philosophy on the Use of Critical Threat Intelligence

The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and purpose.   You never can exactly tell how they will come at you,...

Fighting new Ransomware Techniques with McAfee’s Latest Innovations

In 2021 ransomware attacks have been dominant among the bigger cyber security stories. Hence, I was not surprised to see that McAfee’s June 2021 Threat report is primarily focused on this topic. This...

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix...

Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the occasional dedicated Unix...

XLSM Malware with MacroSheets

Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw adversaries using Excel 4.0 macros, an old technology, to deliver...

The Rise of Deep Learning for Detection and Classification of Malware

Co-written by Catherine Huang, Ph.D. and Abhishek Karnik  Artificial Intelligence (AI) continues to evolve and has made huge progress over the last decade. AI shapes our daily lives. Deep learning is a...

Phishing Android Malware Targets Taxpayers in India

Authored by ChanUng Pak   McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via...

Malicious PowerPoint Documents on the Rise

Authored by Anuradha M McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint. In this campaign, the spam email comes with a PowerPoint...

Social Network Account Stealers Hidden in Android Gaming Hacking Tool

Authored by: Wenfeng Yu McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook, Twitter, Telegram and PUBG game accounts. This malware hides in...

Android malware distributed in Mexico uses Covid-19 to steal financial...

Authored by Fernando Ruiz McAfee Mobile Malware Research Team has identified malware targeting Mexico. It poses as a security banking tool or as a bank application designed to report an out-of-service...

The Newest Malicious Actor: “Squirrelwaffle” Malicious Doc.

Authored By Kiran Raj Due to their widespread use, Office Documents are commonly used by Malicious actors as a way to distribute their malware. McAfee Labs have observed a new threat “Squirrelwaffle”...

‘Tis the Season for Scams

Co-authored by: P, Sriram, and Deepak Setty ‘Tis the season for scams. Well, honestly, it’s always scam season somewhere. In 2020, the Internet Crime and Complaint Center (IC3) reported losses in...

HANCITOR DOC drops via CLIPBOARD

By Sriram P & Lakshya Mathur  Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many...

Emotet’s Uncommon Approach of Masking IP Addresses

Authored By: Kiran Raj In a recent campaign of Emotet, McAfee Researchers observed a change in techniques. The Emotet maldoc was using hexadecimal and octal formats to represent IP address which is...

Why Am I Getting All These Notifications on my Phone?

Authored by Oliver Devane and Vallabh Chole   Notifications on Chrome and Edge, both desktop browsers, are commonplace, and malicious actors are increasingly abusing this feature. McAfee previously...

Come Join the Scam Party

Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi  McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert...

Scammers are Exploiting Ukraine Donations

Authored by Vallabh Chole and Oliver Devane Scammers are very quick at reacting to current events, so they can generate ill-gotten gains. It comes as no surprise that they exploited the current events...

Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency

By Oliver Devane  Update: In the past 24 hours (from time of publication)  McAfee has identified 15 more scam sites bringing the total to 26. The combined value of the wallets shared on these sites is...

Phishing Campaigns featuring Ursnif Trojan on the Rise

Authored by Jyothi Naveen and Kiran Raj McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass...

Instagram credentials Stealer: Disguised as Mod App

Authored by Dexter Shin  McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more...

Instagram credentials Stealers: Free Followers or Free Likes

Authored by Dexter Shin  Instagram has become a platform with over a billion monthly active users. Many of Instagram’s users are looking to increase their follower numbers, as this has become a symbol...

Rise of LNK (Shortcut files) Malware

Authored by Lakshya Mathur An LNK file is a Windows Shortcut that serves as a pointer to open a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds...

New HiddenAds malware affects 1M+ users and hides on the Google Play Store

Authored by Dexter Shin McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner apps that delete junk files or help optimize...

Technical Support Scams – What to look out for

Authored by Oliver Devane Technical Support Scams have been targeting computer users for many years. Their goal is to make victims believe they have issues needing to be fixed, and then charge...

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users

Authored by Oliver Devane and Vallabh Chole  A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites....

New Malicious Clicker found in apps installed by 20M+ users

Authored by SangRyol Ryu Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malwares masquerading as a useful tool or utility, and...

Don’t Get Caught Offsides with These World Cup Scams

Authored by: Christy Crimmins and Oliver Devane Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the...

Microsoft’s Edge over Popups (and Google Chrome)

Following up on our previous blog, How to Stop the Popups, McAfee Labs saw a sharp decrease in the number of deceptive push notifications reported by McAfee consumers running Microsoft’s Edge browser...

Threat Actors Taking Advantage of FTX Bankruptcy 

Authored by Oliver Devane. It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX; McAfee has discovered several phishing sites targeting FTX users. One of...

Fake Security App Found Abuses Japanese Payment System

Authored by SangRyol Ryu and Yukihiro Okutomi  McAfee’s Mobile Research team recently analyzed new malware targeting mobile payment users in Japan. The malware which was distributed on the Google Play...
