McAfee Labs

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Advanced Threat Research team.

McAfee Labs

A New Program for Your Peloton – Whether You Like It or Not

Executive Summary  The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. As security researchers, something that we always try to establish before looking at a target is what our scope should be. More specifically, we often assume well-vetted ...

McAfee Labs

Are Virtual Machines the New Gold for Cyber Criminals?

Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT systems in a heartbeat, allowing then to be more agile as opposed to investing into dedicated “bare-metal” hardware. To the outside untrained eye, it might seem that there ...

McAfee Labs

Scammers Impersonating Windows Defender to Push Malicious Windows Apps

Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts Recent campaigns pose as a Windows Defender Update Victims end up allowing the installation of a malicious Windows Application that targets user and system information Browser push notifications can highly resemble Windows system notifications.  As recently discussed, ...

McAfee Labs

DarkSide Ransomware Victims Sold Short

Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the recent gas pipeline shutdown. Many of the excellent technical write-ups will detail how it operates an affiliate model that supports others to be involved within the ransomware business model (in ...

McAfee Labs

Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit

Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server which can be run standalone or in conjunction with IIS (Internet Information Services) and is used to broker internet traffic via HTTP network requests. The vulnerability is very similar to ...

McAfee Labs

“Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards

Preface Countries all over the world are racing to achieve so-called herd immunity against COVID-19 by vaccinating their populations. From the initial lockdown to the cancellation of events and the prohibition of business travel, to the reopening of restaurants, and relaxation of COVID restrictions on outdoor gatherings, the vaccine rollout ...

McAfee Labs

Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware

The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users since 2018. In the second half of 2020, the campaign improved its effectiveness by adopting dynamic DNS services and spreading messages with phishing URLs that infected victims with ...

McAfee Labs

How to Stop the Popups

McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others.  A significant portion is attributed to browser-based push notifications, and while there are a couple of simple steps users can take to prevent and remediate the situation, there ...

McAfee Labs

Steps to Discover Hidden Threat from Phishing Email

Introduction Email is one of the primary ways of communication in the modern world. We use email to receive notifications about our online shopping, financial transaction, credit card e-statements, one-time passwords to authenticate registration processes, application for jobs, auditions, school admissions and many other purposes. Since many people around the ...

McAfee Labs

Access Token Theft and Manipulation Attacks – A Door to Local Privilege Escalation

Executive Summary Many malware attacks designed to inflict damage on a network are armed with lateral movement capabilities. Post initial infection, such malware would usually need to perform a higher privileged task or execute a privileged command on the compromised system to be able to further enumerate the infection targets ...

Subscribe to McAfee Securing Tomorrow Blogs