Android Phishing Scam Using Malware-as-a-Service on the Rise in India
McAfee Labs Blog
by McAfee Labs
2w ago
Authored by ZePeng Chen and Wenfeng Yu. McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This malware has gone through three stages. The first one is the development stage, from March 2023 to July 2023, during which a couple of applications were created each month. The second is the expansion stage, from August 2023 to October 2023, during which dozens of applications were created each month. The third is the active stage, from September 2023 to the present, during which hundreds of applications were created each month. According ..read more
Rise in Deceptive PDF: The Gateway to Malicious Payloads
McAfee Labs Blog
by McAfee Labs
3w ago
Authored by Yashvi Shah and Preksha Saxena. McAfee Labs has recently observed a significant surge in the distribution of prominent malware through PDF files. Malware is not solely sourced from dubious websites or downloads; certain instances of malware may reside within apparently harmless emails, particularly within the PDF file attachments accompanying them. The subsequent trend observed in the past three months through McAfee telemetry pertains to the prevalence of malware distributed through non-portable executable (non-PE) vectors. Figure 1: Rise in PDF malware. Why PDF? Upon imple ..read more
GUloader Unmasked: Decrypting the Threat of Malicious SVG Files
McAfee Labs Blog
by McAfee Labs
1M ago
Authored by: Vignesh Dhatchanamoorthy. In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep understanding of their tactics and tools. Enter GUloader, a potent weapon in the arsenal of cybercriminals worldwide. This sophisticated malware loader has garnered attention for its stealthy techniques and ability to evade detection, posing a significant risk to organizations and individuals. One of GUloader’s distinguishing features is its utilization of evasion techniques, making it particularly challenging for traditional security measures to det ..read more
MoqHao evolution: New variants start automatically right after installation
McAfee Labs Blog
by McAfee Labs
1M ago
Authored by Dexter Shin. MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015. McAfee Mobile Research Team has also posted several articles related to this malware family that traditionally targets Asian countries such as Korea and Japan. Recently McAfee Mobile Research Team found that MoqHao began distributing variants using a very dangerous technique. Basically, the distribution method is the same. They send a link to download the malicious app via SMS message. Typical MoqHao requires users to install ..read more
From Email to RAT: Deciphering a VB Script-Driven Campaign
McAfee Labs Blog
by McAfee Labs
1M ago
Authored by Preksha Saxena and Yashvi Shah. McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting (VBS). Initially delivering the AgentTesla malware, the campaign has evolved into a multi-faceted threat, employing VBS scripts as a versatile delivery mechanism. Notably, this campaign extends beyond AgentTesla, now distributing a range of malware such as Guloader, Remcos RAT, Xworm, and Lokibot. This campaign illustrates a comprehensive infection process initiated by a VBS file delivered via email. Starting with the activation of a VBS scri ..read more
From Email to RAT: Deciphering a VBS Script-Driven Campaign
McAfee Labs Blog
by McAfee Labs
2M ago
Authored by Preksha Saxena and Yashvi Shah. McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting (VBS). Initially delivering the AgentTesla malware, the campaign has evolved into a multi-faceted threat, employing VBS scripts as a versatile delivery mechanism. Notably, this campaign extends beyond AgentTesla, now distributing a range of malware such as Guloader, Remcos RAT, Xworm, and Lokibot. This campaign illustrates a comprehensive infection process initiated by a VBS file delivered via email. Starting with the activation of a VBS scri ..read more
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices
McAfee Labs Blog
by McAfee Labs
3M ago
Authored by Fernando Ruiz. McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. Dubbed Android/Xamalicious, it tries to gain accessibility privileges with social engineering and then communicates with the command-and-control server to evaluate whether or not to download a second-stage payload that’s dynamically injected as an assembly DLL at runtime level to take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing app ..read more
Shielding Against Android Phishing in Indian Banking
McAfee Labs Blog
by McAfee Labs
3M ago
Authored by Neil Tyagi and Fernando Ruiz. In a digitally evolving world, the convenience of banking through mobile applications has revolutionized financial transactions. However, this advancement has also opened doors to a lesser-known adversary: Android phishing. Join us as we delve into the clandestine realm of cyber threats targeting India’s banking sector. This blog uncovers the nuances of an Android phishing/banking trojan application identified as Android/Banker.AFX, which illustrates a common procedure from cybercriminals designed to drain the bank accounts of their victims: First broadcastin ..read more
PDF Phishing: Beyond the Bait
McAfee Labs Blog
by McAfee Labs
4M ago
By Lakshya Mathur & Yashvi Shah. Phishing attackers aim to deceive individuals into revealing sensitive information for financial gain, credential theft, corporate network access, and spreading malware. This method often involves social engineering tactics, exploiting psychological factors to manipulate victims into compromising actions that can have profound consequences for personal and organizational security. Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns. These PDFs were del ..read more
Short-URL Services May Hide Threats
McAfee Labs Blog
by McAfee
4M ago
Short-URL services have emerged as a crucial part of the way we use the Internet. With the increasing use of social media, where the number of characters is limited, short-URL services are a useful tool for reducing a URL’s length. However, this convenience also comes with a potential risk. The anonymity provided by these services can serve as a breeding ground for online threats. This article delves deeper into the potential risks associated with using short-URL services and how you can safeguard yourself from these threats. What are Short-URL Services? Short-URL services are online tools th ..read more
