Google Issues a Warning Against Hackers Posing as McAfee Staff

Google recently published a blog post warning users, US election participants, organizers, and others involved in the election that state-backed hackers from several countries might try to trick them into installing malware.

Chinese hackers working for the country’s government have been tied to countless hacking attacks and incidents over the years, and they show no sign of stopping: Google has just identified them as the culprits behind another series of hacks.

According to the search engine giant’s recent blog post, Chinese government-backed hackers are contacting people while pretending to be staff members of the antivirus provider McAfee. They then trick their targets into installing malicious software on their computers, which gives the attackers further access.

According to Google, the attackers actually prompt their would-be victims to install a real, legitimate version of McAfee’s antivirus software. While that installation is in progress, malware is secretly installed on the system at the same time.

Google’s Threat Analysis Group, which exists to detect and help stop hacking attacks, quickly recognized the malicious activity and decided to send out warnings to alert affected users. Google also shared its findings with the FBI, as it publicly announced.

Of course, as many have likely assumed, the US is currently especially wary of online threats, with the country’s presidential election day only two weeks away.

There has already been a considerable rise in reported threats and incidents over the last few months as the elections inched closer. Google has been working hard to keep up and to notify anyone who needed to be made aware of the dangers.

Between July and September of this year, the company sent more than 10,316 warnings, mostly notifying users about government-backed attacks.

Even before that, in June of this year, the company stressed that phishing attacks targeting the personal email accounts of people close to the Trump and Biden campaigns were on the rise. The company identified the attackers as hackers with ties to Chinese and Iranian Advanced Persistent Threat (APT) groups.

The hackers targeted the personal email accounts of staffers on both campaigns with phishing attacks aimed at stealing login credentials. They used tracking links to obtain the information they needed to gain access or some other kind of advantage, likely with the goal of sabotaging the campaigns or manipulating them in some other way.

One of the Chinese malware campaigns reportedly revolved around sending links via email that led to a malware download onto victims’ devices. The malware was hosted on GitHub, and it was a Python-based implant that used Dropbox for command and control (C&C).

Once installed on a victim’s device, the malware allowed the hackers to freely download or upload files and to execute arbitrary commands as they pleased.

Google also noted that all of the malicious traffic came from legitimate servers, which makes it much harder for defenders to rely on network signals to recognize the attacks.

Google is not the only company to have noticed significant growth in hacking attacks targeting those closely involved with the elections. Microsoft has published similar reports as well.

In fact, Microsoft discovered that the Russian hacking group Strontium conducted attacks against over 200 different organizations, all of them connected in some way to US political campaigns. The group also targeted political consultants, advocacy groups, and even the parties themselves.

There were also plenty of cyberespionage groups with ties to China, such as Zirconium, or to Iran, such as Phosphorus. These groups focused on high-profile individuals holding senior positions in the campaigns and/or the elections themselves.

The last US election saw major interference from Russian hackers, as was discovered months after the election was over. This time, China and Iran appear to have made an extra effort to join the attempts to manipulate the event as well. For now, at least, it is believed that the election systems themselves remain safe from harm.