Google said in a blog post that hackers associated with the Chinese government are impersonating McAfee antivirus software in an attempt to infect victims' devices with malware.
According to Google, the hackers appear to be the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of Iran-based hackers attempted to target President Trump's campaign, but was also unsuccessful.
Google added that the group, which the company refers to as APT 31 (short for "advanced persistent threat"), emails users links that download malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. And because the group used services such as GitHub and Dropbox to carry out the attacks, it became more difficult to track them.
“Every malicious piece of this attack has been hosted on legitimate services, making it difficult for defenders to rely on network signals to detect them,” Shane Huntley, head of the Google Threat Analysis Group, wrote in the blog post.
In the McAfee antivirus scam, the recipient of the email is prompted to install a legitimate version of the McAfee software from GitHub, while malware is installed at the same time without the user's knowledge. Huntley noted that when Google detects that a user has been the victim of a government-backed attack, it sends that user a warning.
The Google post did not mention the identity of those affected by the recent APT 31 attacks, but stated that there was “increased interest in the threats posed by APTs in the context of the US elections.” Google has shared its findings with the FBI.
Last September, Microsoft warned one of the main consulting firms for Democratic candidate Joe Biden's election campaign that it had been targeted by suspected Russian state hackers, according to Reuters, citing three people familiar with the matter.
The sources told Reuters that the hacking attempts targeted employees of Washington-based SKDKnickerbocker, a strategic and campaign communications firm that has worked with Biden and other prominent Democrats, over the past two months.