Google Says Chinese Hackers Are Impersonating McAfee to Trick Victims Into Installing Malware

Photo: Kenzo Tribouillard (Getty Images)

The same Chinese government-linked hackers who targeted the campaigns of both 2020 presidential candidates earlier this year have been trying to trick users into installing malware by posing as the antivirus provider McAfee and using otherwise legitimate online services like GitHub and Dropbox.

Shane Huntley, the head of Google’s Threat Analysis Group, offered new details about the suspected state-sponsored cyberattackers, known as APT 31, and their latest tactics in a company blog post on Friday. In June, Google’s security team uncovered high-profile phishing scams by APT 31 and Iranian state-sponsored hackers intended to hijack the email accounts of campaign staffers with President Donald Trump and Democratic nominee Joe Biden. (All of these phishing attempts appeared to have failed, Google said at the time).

On Friday, Huntley said that one of APT 31's latest hacking techniques involved emailing links that would download malicious code hosted on the open-source platform GitHub. The malware was written in the Python programming language and “would allow the attacker to upload and download files as well as execute arbitrary commands” through Dropbox’s cloud storage services, he wrote.

“Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,” Huntley said.

Another phishing scam saw the group impersonating McAfee, a legitimate and popular antivirus software provider, as a facade to quietly slip malicious code onto the target’s machine.

“The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while malware was simultaneously silently installed to the system.”

Google did not specify which organizations or individuals were targeted in these latest APT 31-sponsored attacks or whether they affected either candidate’s political campaign. The tech giant only said that it had seen “increased attention on the threats posed by APTs in the context of the U.S. election” and shared these latest findings with the Federal Bureau of Investigation.

“U.S. government agencies have warned about different threat actors, and we’ve worked closely with those agencies and others in the tech industry to share leads and intelligence about what we’re seeing across the ecosystem,” Huntley said.

He added that in the event that Google’s anti-phishing safeguards detect a government-backed attack, the company sends the intended victim a warning explaining that a foreign government may be targeting them.

Google isn’t the only tech giant seeing an increase in cyberattacks ahead of the election. In September, Microsoft reported that Chinese, Russian, and Iranian government-backed hackers had launched similarly unsuccessful attacks on high-profile individuals associated with both the Trump and Biden campaigns. Last week, the FBI and U.S. Cybersecurity and Infrastructure Security Agency also released details about campaigns by foreign government-linked hackers to exploit federal, state, and local government networks.

Gizmodo weekend editor. Freelance games reporter. Full-time disaster bi.

DISCUSSION

If you are an individual who needs antivirus software then YOU ARE A DUMBASS. Encryption, I get. Measures to keep your personal info from getting out or being collected are fine. But if you seriously need software to stop your dumb ass from giving your computer a virus, then I guess it’s a good thing humanity isn’t as susceptible to survival of the fittest, because you idiots would die before you hit puberty.