Google said in a new blog post that hackers linked to the Chinese government had been impersonating the antivirus software McAfee to try to infect victims’ machines with malware. And, Google says, the hackers appear to be the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of hackers based in Iran had tried to target President Trump’s campaign, but was also unsuccessful.

The group, which Google refers to as APT 31 (short for Advanced Persistent Threat), would email links to users that would download malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. Because the group used services like GitHub and Dropbox to carry out the attacks, it was harder to track them.

“Every malicious piece of this attack was hosted on legitimate services, making it more difficult for defenders to rely on network signals for detection,” Shane Huntley, the head of Google’s Threat Analysis Group, wrote in the blog post.


In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub, while at the same time malware was installed without the user being aware. Huntley noted that whenever Google detects that a user has been the victim of a government-backed attack, it sends them a warning.

The blog post doesn’t mention who was affected by APT 31’s latest attacks, but said there has been “increased attention on the threats posed by APTs in the context of the U.S. election.” Google shared its findings with the FBI.

