McAfee Labs Blog
McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information. McAfee is one of the world's leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. For businesses, McAfee helps..
2w ago
Authored by ZePeng Chen and Wenfeng Yu
McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This malware has gone through three stages. The first one is the development stage, from March 2023 to July 2023, during which a couple of applications were created each month. The second is the expansion stage, from August 2023 to October 2023, during which dozens of applications were created each month. The third is the active stage, from September 2023 to the present, during which hundreds of applications were created each month. According ...
3w ago
Authored by Yashvi Shah and Preksha Saxena
McAfee Labs has recently observed a significant surge in the distribution of prominent malware through PDF files. Malware is not solely sourced from dubious websites or downloads; certain instances of malware may reside within apparently harmless emails, particularly within the PDF file attachments accompanying them. The subsequent trend observed in the past three months through McAfee telemetry pertains to the prevalence of malware distributed through non-portable executable (non-PE) vectors.
Figure 1: Rise in PDF malware
Why PDF?
Upon imple ...
1M ago
Authored by: Vignesh Dhatchanamoorthy
In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep understanding of their tactics and tools. Enter GUloader, a potent weapon in the arsenal of cybercriminals worldwide. This sophisticated malware loader has garnered attention for its stealthy techniques and ability to evade detection, posing a significant risk to organizations and individuals.
One of GUloader’s distinguishing features is its utilization of evasion techniques, making it particularly challenging for traditional security measures to det ...
1M ago
Authored by Dexter Shin
MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015. McAfee Mobile Research Team has also posted several articles related to this malware family that traditionally targets Asian countries such as Korea and Japan.
Recently, McAfee Mobile Research Team found that MoqHao began distributing variants using a very dangerous technique. Basically, the distribution method is the same. They send a link to download the malicious app via an SMS message. Typical MoqHao requires users to install ...
1M ago
Authored by Preksha Saxena and Yashvi Shah
McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting (VBS). Initially delivering the AgentTesla malware, the campaign has evolved into a multi-faceted threat, employing VBS scripts as a versatile delivery mechanism. Notably, this campaign extends beyond AgentTesla, now distributing a range of malware such as Guloader, Remcos RAT, Xworm, and Lokibot.
This campaign illustrates a comprehensive infection process initiated by a VBS file delivered via email. Starting with the activation of a VBS scri ...
3M ago
Authored by Fernando Ruiz
McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. Dubbed Android/Xamalicious, it tries to gain accessibility privileges with social engineering and then communicates with the command-and-control server to evaluate whether or not to download a second-stage payload that’s dynamically injected as an assembly DLL at the runtime level to take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing app ...
3M ago
Authored by Neil Tyagi and Fernando Ruiz
In a digitally evolving world, the convenience of banking through mobile applications has revolutionized financial transactions. However, this advancement has also opened doors to a lesser-known adversary: Android phishing. Join us as we delve into the clandestine realm of cyber threats targeting India’s banking sector.
This blog uncovers the nuances of an Android phishing/banking trojan application identified as Android/Banker.AFX, which illustrates a common procedure used by cybercriminals to drain the bank accounts of their victims:
First broadcastin ...
4M ago
By Lakshya Mathur & Yashvi Shah
Phishing attackers aim to deceive individuals into revealing sensitive information for financial gain, credential theft, corporate network access, and spreading malware. This method often involves social engineering tactics, exploiting psychological factors to manipulate victims into compromising actions that can have profound consequences for personal and organizational security.
Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns. These PDFs were del ...
4M ago
Short-URL services have emerged as a crucial part of the way we use the Internet. With the increasing use of social media, where the number of characters is limited, short-URL services are a useful tool for reducing a URL’s length. However, this convenience also comes with a potential risk. The anonymity provided by these services can serve as a breeding ground for online threats. This article delves deeper into the potential risks associated with using short-URL services and how you can safeguard yourself from these threats.
What are Short-URL Services?
Short-URL services are online tools th ...