
Google says Chinese hackers who targeted the Biden campaign are faking McAfee apps

Google said in a recent blog post that hackers connected to the Chinese government have been impersonating McAfee antivirus software in an attempt to infect victims' computers with malware. And, Google reports, the hackers appear to be the same group that targeted former Vice President Joe Biden's presidential campaign with a phishing attack earlier this year. A related group of hackers based in Iran attempted to attack President Trump's campaign, but they were also unsuccessful.
 
The group, which Google refers to as APT 31 (APT is short for Advanced Persistent Threat), sends users emails with links that download malware hosted on GitHub, enabling the attacker to upload and download files and execute commands. Because the group used services such as GitHub and Dropbox to carry out the attacks, they were more difficult to trace.
 
Every malicious piece of this attack was hosted on legitimate platforms, making it harder for defenders to rely on network signals for identification, said Shane Huntley, head of Google's Threat Analysis Division, in the blog post.
 
In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub while, at the same time, malware was installed without the user being aware of it. Huntley noted that when Google detects that a user has become the target of a government-backed attack, it sends them an alert.
 
The blog post did not say who was targeted by APT 31's new attacks, but said there was increased exposure to the risks posed by APTs in light of the U.S. election. Google shared its findings with the FBI.

 





