McAfee Labs Blog
126 FOLLOWERS
McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information. McAfee is one of the world's leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. For businesses, McAfee helps..
McAfee Labs Blog
3d ago
Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena
McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages. DarkGate, a Remote Access Trojan (RAT) developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018. This malicious software boasts an array of functionalities, such as process injection, file download and execution, data theft, s ..read more
McAfee Labs Blog
2w ago
A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior. McAfee telemetry data shows this malware strain is very prevalent, covering North America, South America, Europe, and Asia and reaching Australia. Infection Chain
GitHub is being abused to host the malware file at Microsoft’s official account in the vcpkg repository https[:]//github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
McAfee Web Advisor blocks access to this malicious download
Cheat.Lab.2.7.2.zip is a zip file with hash 5e37b32890 ..read more
McAfee Labs Blog
1M ago
Authored by Anuradha and Preksha
Introduction
PikaBot is a malicious backdoor that has been active since early 2023. Its modular design is comprised of a loader and a core component. The core module performs malicious operations, allowing for the execution of commands and the injection of payloads from a command-and-control server. The malware employs a code injector to decrypt and inject the core module into a legitimate process. Notably, PikaBot employs distribution methods, campaigns, and behavior reminiscent of Qakbot.
Distribution Methods
PikaBot, along with various other malicious loade ..read more
McAfee Labs Blog
1M ago
Authored by ZePeng Chen and Wenfeng Yu
McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This malware has gone through three stages. The first one is the development stage, from March 2023 to July 2023, during which a couple of applications were created each month. The second is the expansion stage, from August 2023 to October 2023, during which dozens of applications were created each month. The third is the active stage, from September 2023 to the present, during which hundreds of applications were created each month. According ..read more
McAfee Labs Blog
2M ago
Authored by Yashvi Shah and Preksha Saxena
McAfee Labs has recently observed a significant surge in the distribution of prominent malware through PDF files. Malware is not solely sourced from dubious websites or downloads; certain instances of malware may reside within apparently harmless emails, particularly within the PDF file attachments accompanying them. The subsequent trend observed in the past three months through McAfee telemetry pertains to the prevalence of malware distributed through non-portable executable (non-PE) vectors.
Figure 1: Rise in PDF malware
Why PDF?
Upon imple ..read more
McAfee Labs Blog
2M ago
Authored by: Vignesh Dhatchanamoorthy
In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep understanding of their tactics and tools. Enter GUloader, a potent weapon in the arsenal of cybercriminals worldwide. This sophisticated malware loader has garnered attention for its stealthy techniques and ability to evade detection, posing a significant risk to organizations and individuals.
One of GUloader’s distinguishing features is its utilization of evasion techniques, making it particularly challenging for traditional security measures to det ..read more
McAfee Labs Blog
3M ago
Authored by Dexter Shin
MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015. McAfee Mobile Research Team has also posted several articles related to this malware family that traditionally targets Asian countries such as Korea and Japan.
Recently McAfee Mobile Research Team found that MoqHao began distributing variants using very dangerous technique. Basically, the distribution method is the same. They send a link to download the malicious app via the SMS message. Typical MoqHao requires users to install ..read more
McAfee Labs Blog
3M ago
Authored by Preksha Saxena and Yashvi Shah
McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting (VBS). Initially delivering the AgentTesla malware, the campaign has evolved into a multi-faceted threat, employing VBS scripts as a versatile delivery mechanism. Notably, this campaign extends beyond AgentTesla, now distributing a range of malware such as Guloader, Remcos RAT, Xworm, and Lokibot.
This campaign illustrates a comprehensive infection process initiated by a VBS file delivered via email. Starting with the activation of a VBS scri ..read more
McAfee Labs Blog
3M ago
Authored by Preksha Saxena and Yashvi Shah
McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting (VBS). Initially delivering the AgentTesla malware, the campaign has evolved into a multi-faceted threat, employing VBS scripts as a versatile delivery mechanism. Notably, this campaign extends beyond AgentTesla, now distributing a range of malware such as Guloader, Remcos RAT, Xworm, and Lokibot.
This campaign illustrates a comprehensive infection process initiated by a VBS file delivered via email. Starting with the activation of a VBS scri ..read more
McAfee Labs Blog
4M ago
Authored by Fernando Ruiz
McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. Dubbed Android/Xamalicious it tries to gain accessibility privileges with social engineering and then it communicates with the command-and-control server to evaluate whether or not to download a second-stage payload that’s dynamically injected as an assembly DLL at runtime level to take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing app ..read more