Google has stated in a new blog post that hackers associated with the Chinese government have been impersonating the well-known antivirus software McAfee to try to infect victims’ computers with malware. Google also says the hackers’ pattern has similarities with the same group that unsuccessfully targeted the campaign of former Vice President Joe Biden with a phishing attempt earlier this year. A similar group of hackers based in Iran had tried to target President Trump’s campaign but was also unsuccessful.
The group, which Google refers to as APT 31 (short for Advanced Persistent Threat), would email users links that would download malware hosted on GitHub, enabling the attacker to upload and download files and execute commands. Because the group used services like GitHub and Dropbox to carry out the attacks, they were more difficult to track.
“Every spiteful bit of this attack was hosted on authorized services, making it harder for guardians to rely on system signals for disclosure,” the head of Google’s Threat Analysis Group, Shane Huntley, wrote in the blog post.
In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub, while at the same time malware was installed without the user being informed. Huntley noted that whenever Google detects that a user has been the target of a government-backed attack, it sends them a warning.
The blog post doesn’t specify who was targeted by APT 31’s most advanced attacks, but said there had been “increased attention on the threats posed by APTs in the context of the U.S. election.” Google shared its findings with the FBI.