Channel: McAfee Labs | McAfee Blogs
Browsing all 745 articles

Misuse of DocuSign Email Addresses Leads to Phishing Campaign

DocuSign, which provides electronic signatures and digital transaction management, reported that email addresses were stolen by an unknown party on May 15. Although the company confirmed that no...

Is WannaCry Really Ransomware?

This post summarizes the significant efforts of a McAfee threat research team that has been relentless in its efforts to gain a deeper understanding of the WannaCry ransomware. We would like to...

McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers;...

This blog was written by Sanchit Karve. McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has used infected machines as control servers since April 2016, even...

‘McAfee Labs Threats Report’ Explores Malware Evasion Techniques, Digital...

This blog post was written by Vincent Weafer. We got a little carried away in the McAfee Labs Threats Report: June 2017, published today. This quarter’s report has expanded to a rather hefty 83 pages!...

New Variant of Petya Ransomware Spreading Like Wildfire

[This post was updated on June 27 at 18:40 Pacific time. The updated section is marked.]  The world woke up today to another ransomware outbreak wreaking havoc throughout companies’ networks. This...

How to Protect Against Petya Ransomware in a McAfee Environment

This post has been updated with information about McAfee Enterprise Security Manager and McAfee Web Gateway (June 28, 14:20 Pacific time). A new variant of the ransomware Petya (also called Petrwrap)...

Petya More Effective at Destruction Than as Ransomware

At the beginning of the recent Petya malware campaign, the world was quick to exclaim this attack was ransomware. Now, with time to analyze the facts and make comparisons to other ransomware campaigns,...

LeakerLocker: Mobile Ransomware Acts Without Encryption

We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim’s private information....

Analyzing a Patch of a Virtual Machine Escape on VMware

A virtual machine is a completely isolated guest operating system installation within a normal host operating system. Virtual machine escape is the process of breaking out of a virtual machine and...

Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code...

Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using the technique of object-graph navigation language...

Darknet Markets Will Outlive AlphaBay and Hansa Takedowns

On June 20, law enforcement took over the Hansa marketplace after investigations that began in 2016. On July 5, police in Thailand arrested Alexandre Cazes, alleged to be the operator of the large...

NoMoreRansom – One year on!

One year on.  It is fair to say that the No More Ransom project not only exceeded our expectations, but simply blew these initial expectations out of the water.  A collaboration between six partners...

Analyzing CVE-2017-0190: WMF Flaws Can Lead to Data Theft, Code Execution

CVE-2017-0190 is a recently patched vulnerability related to Windows metafiles (WMFs), a portable image format mainly used by 16-bit Windows applications. Recently we have seen an increase in the...

DEFCON – Connected Car Security

Sometime in the distant past, that thing in your driveway was a car.  However, the “connected car is already the third-fastest growing technological device after phones and tablets.”  The days when a...

Smishing Campaign Steals Banking Credentials in U.S.

The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States. The messages attempt to scare victims with a...

Android Click-Fraud Apps Briefly Return to Google Play

Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior that simulates clicks is similar to the behavior of many...

Android Banking Trojan MoqHao Spreading via SMS Phishing in South Korea

Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS phishing texts (also known as smishing) meant to lure them into clicking on shortened URLs. For...

Emotet Trojan Acts as Loader, Spreads Automatically

Since the middle of July, McAfee has observed new updates of Emotet, a Trojan that was first discovered in 2014. This malware harvests banking credentials. Early variants used Outlook contact...

Android Click-Fraud App Repurposed as DDoS Botnet

The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples on Google Play in 2016 and Clicker.BN last month....

Microsoft Kills Potential Remote Code Execution Vulnerability in Office...

Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee discovered in March. Microsoft released a patch for this...
