Channel: McAfee Labs, Author at McAfee Blog
Browsing latest articles
Browse All 203 View Live

Further Analysis of WannaCry Ransomware

McAfee Labs has closely monitored the activity around the ransomware WannaCry. Many sources have reported on this attack and its behavior, including this post by McAfee’s Raj Samani and Christiaan Beek...

Everyday Hero: 5 Questions with McAfee Labs’ Paula Greve

With cybersecurity experts taking center stage this week at the Black Hat conference in Las Vegas, the world is watching for the release of the latest breakthrough research, development, and trends....

McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News,...

Criminals excel in manipulating the trust within human relationships, particularly as individuals project themselves into digital realms such as social media. We see it in phishing messages, which fool...

‘McAfee Labs 2018 Threats Predictions Report’ Previews Five Cybersecurity Trends

This report was written by members of McAfee Labs and the Office of the CTO. Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity,...

‘Aha’ Moments From the ‘Verizon 2017 Data Breach Investigations Report’

This blog post was written by Rick Simon. The annual Verizon Data Breach Investigations Report (DBIR) was published today. Once again, it is a hefty report that is sure to become one of the most...

Mirai, BrickerBot, Hajime Attack a Common IoT Weakness

This blog post was written by Rick Simon. We know that devices in the Internet of Things make enticing targets for attack. They are often insecure and can act as open windows into trusted networks....

McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers;...

This blog was written by Sanchit Karve. McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has used infected machines as control servers since April 2016, even...

Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing...

This blog was written by Krishs Patil. A memory corruption bug in UDP fragmentation offload (UFO) code inside the Linux kernel can lead to local privilege escalation. In this post we will examine this...

Analyzing a Fresh Variant of the Dorkbot Botnet

This blog post was written by Sudhanshu Dubey. At McAfee Labs, we have recently observed a new variant of the Dorkbot botnet. Dorkbot is a well-known bot, famous for its various capabilities including...

McAfee Demos Ease of Exploiting Recent Apache Struts Vulnerability

This post was written by Brook Schoenfield and the Advanced Threat Research Team. A series of exploitable conditions have been uncovered in Apache Struts. One of these, CVE-2017-9805, allows...

KRACKs Against Wi-Fi Serious But Not End of the World

This blog was written by Brook Schoenfield. On October 12, researcher Mathy Vanhoef announced a set of Wi-Fi attacks that he named KRACKs, for key reinstallation attacks. These attack scenarios are...

Self-Signed Certificates Can Be Secure, So Why Ban Them?

This blog was co-written by Brook Schoenfield and Ramnath Venugopalan. In many organizations the use of self-signed certificates is forbidden by policy. Organizations may ban the use of self-signed...

Don’t Substitute CVSS for Risk: Scoring System Inflates Importance of...

This blog was co-written by Brook Schoenfield and Damian Quiroga. I am a wry observer of vulnerability announcements. CVE-2017-3735—which can allow a small buffer overread in an X.509...

Should I Worry About AVGater, Which Exploits Some Security Products?

This blog was written by Brook Schoenfield. On November 10, a researcher reported the vulnerability AVGater, which affects some antimalware products. The vulnerability allows a user without...

Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause...

This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny. McAfee Advanced Threat Research team analysts have studied...

McAfee Labs 2019 Threats Predictions Report

These predictions were written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer, and Carl Woodward. As...

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The...

Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same...

McAfee Labs 2020 Threats Predictions Report

With 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats ahead. Cybercriminals are increasing the complexity and volume of their...

What CVE-2020-0601 Teaches Us About Microsoft’s TLS Certificate Verification...

By: Jan Schnellbächer and Martin Stecher, McAfee Germany GmbH. This week security researchers around the world were very busy working on Microsoft’s major crypto-spoofing vulnerability (CVE-2020-0601)...

Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?

Executive Summary We are in the midst of an economic slump [1], with more candidates than there are jobs, something that has been leveraged by malicious actors to lure unwitting victims into opening...

Zloader With a New Infection Technique

This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means for malware infection has been a dominant part...

Hancitor Making Use of Cookies to Prevent URL Scraping

This blog was written by Vallabh Chole & Oliver Devane Over the years, the cybersecurity industry has seen many threats get taken down, such as the Emotet takedown in January 2021. It doesn’t...

REvil Ransomware Uses DLL Sideloading

This blog was written by Varadharajan Krishnasamy, Karthickkumar, Sakshi Jaiswal. Introduction: Ransomware attacks are one of the most common cyber-attacks among organizations; due to an increase in...

XLSM Malware with MacroSheets

Written by: Lakshya Mathur Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw adversaries using Excel 4.0 macros, an...

The Rise of Deep Learning for Detection and Classification of Malware

Co-written by Catherine Huang, Ph.D. and Abhishek Karnik  Artificial Intelligence (AI) continues to evolve and has made huge progress over the last decade. AI shapes our daily lives. Deep learning is a...

Phishing Android Malware Targets Taxpayers in India

Authored by ChanUng Pak   McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via...

Android malware distributed in Mexico uses Covid-19 to steal financial...

Authored by Fernando Ruiz McAfee Mobile Malware Research Team has identified malware targeting Mexico. It poses as a security banking tool or as a bank application designed to report an out-of-service...

Malicious PowerPoint Documents on the Rise

Authored by Anuradha M McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint. In this campaign, the spam email comes with a PowerPoint...

MalBus Actor Changed Market from Google Play to ONE Store

Authored by: Sang Ryol Ryu and Chanung Pak McAfee Mobile Research team has found another variant of MalBus on an education application, developed by a South Korean developer. In the previous Malbus...

Clever Billing Fraud Applications on Google Play: Etinu

Authored by: Sang Ryol Ryu and Chanung Pak A new wave of fraudulent apps has made its way to the Google Play store, targeting Android users in Southwest Asia and the Arabian Peninsula as well—to the...

Social Network Account Stealers Hidden in Android Gaming Hacking Tool

Authored by: Wenfeng Yu McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook, Twitter, Telegram and PUBG game accounts. This malware hides in...

The Newest Malicious Actor: “Squirrelwaffle” Malicious Doc.

Authored By Kiran Raj Due to their widespread use, Office Documents are commonly used by Malicious actors as a way to distribute their malware. McAfee Labs have observed a new threat “Squirrelwaffle”...

HANCITOR DOC drops via CLIPBOARD

By Sriram P & Lakshya Mathur  Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many...

Emotet’s Uncommon Approach of Masking IP Addresses

Authored By: Kiran Raj In a recent campaign of Emotet, McAfee Researchers observed a change in techniques. The Emotet maldoc was using hexadecimal and octal formats to represent IP address which is...

Why Am I Getting All These Notifications on my Phone?

Authored by Oliver Devane and Vallabh Chole   Notifications on Chrome and Edge, both desktop browsers, are commonplace, and malicious actors are increasingly abusing this feature. McAfee previously...

Come Join the Scam Party

Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi  McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert...

Scammers are Exploiting Ukraine Donations

Authored by Vallabh Chole and Oliver Devane Scammers are very quick at reacting to current events, so they can generate ill-gotten gains. It comes as no surprise that they exploited the current events...

Phishing Campaigns featuring Ursnif Trojan on the Rise

Authored by Jyothi Naveen and Kiran Raj McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass...

Instagram credentials Stealer: Disguised as Mod App

Authored by Dexter Shin  McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more...

Instagram credentials Stealers: Free Followers or Free Likes

Authored by Dexter Shin  Instagram has become a platform with over a billion monthly active users. Many of Instagram’s users are looking to increase their follower numbers, as this has become a symbol...

Rise of LNK (Shortcut files) Malware

Authored by Lakshya Mathur An LNK file is a Windows Shortcut that serves as a pointer to open a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds...

New HiddenAds malware affects 1M+ users and hides on the Google Play Store

Authored by Dexter Shin McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner apps that delete junk files or help optimize...

Technical Support Scams – What to look out for

Authored by Oliver Devane Technical Support Scams have been targeting computer users for many years. Their goal is to make victims believe they have issues needing to be fixed, and then charge...

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users

Authored by Oliver Devane and Vallabh Chole  September 9, 2022 Update: Since the original publication of this blog on August 29, 2022, the Flipshope browser extension was updated in the Chrome Store on...

New Malicious Clicker found in apps installed by 20M+ users

Authored by SangRyol Ryu Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malwares masquerading as a useful tool or utility, and...

Don’t Get Caught Offsides with These World Cup Scams

Authored by: Christy Crimmins and Oliver Devane Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the...

Microsoft’s Edge over Popups (and Google Chrome)

Following up on our previous blog, How to Stop the Popups, McAfee Labs saw a sharp decrease in the number of deceptive push notifications reported by McAfee consumers running Microsoft’s Edge browser...

Threat Actors Taking Advantage of FTX Bankruptcy 

Authored by Oliver Devane  It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX,  McAfee has discovered several phishing sites targeting FTX users.   One of...

Fake Security App Found Abuses Japanese Payment System

Authored by SangRyol Ryu and Yukihiro Okutomi  McAfee’s Mobile Research team recently analyzed new malware targeting mobile payment users in Japan. The malware which was distributed on the Google Play...

McAfee 2023 Threat Predictions: Evolution and Exploitation

As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape.   This year saw the continued...
