McAfee Labs

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Advanced Threat Research team.

McAfee Labs Executive Perspectives McAfee Partners

Tool Talk: Cracking the Code on XtremeRAT

Late last week, reports began to surface that the Israeli police (along with other regional law enforcement) were targeted by a malware attack. The entry vector was described as a phishing campaign sent from Benny Gantz (head of the Israeli Defense Forces). Initially, details and indicators around the malware were beyond sparse. ...

McAfee Labs

A Quick Analysis of the Flash Player Opcode-Verifying Code Execution Vulnerability

On October 12, McAfee Labs learned of proof-of-concept code exploiting a newly patched Flash Player vulnerability. Adobe had patched this vulnerability in its latest security update on October 8. Our research team rapidly responded to this threat with an in-depth analysis of the root cause and the degree of exploitability. ...

McAfee Labs

Update: NGRBot Posing as Skype Drops Ransomware With Fake McAfee Logo

This blog was updated on October 15. See the end of this file. We recently received a sample of the malware NGRBot from a customer, who got a spam email with what appears to be a Skype link. Victims are lured into clicking a link that promises an image. Once ...

McAfee Labs

Multiplatform Fake AV Uses Different GUIs

Since the beginning of October we have seen a variant of fake antivirus malware that belongs to the FakeRean family of rogue security products. FakeRean is distributed by drive-by downloads or is dropped and executed by another malware. It blocks victims from accessing any other legitimate application on an infected ...

Mobile and IoT Security McAfee Labs

Android Phones Vulnerable to Loss of Data, Apps

Recently security researcher Ravi Borgaonkar discussed a vulnerability that caused a Samsung Galaxy SIII to return to a factory reset just by visiting a special website. Mobile phones have a number of useful codes (USSD/MMI) that can be typed on the dialer screen to bring up system information (IMEI, firmware ...

McAfee Labs

‘FakeInstaller’ Leads the Attack on Android Phones

Android.FakeInstaller is a widespread mobile malware family. It has spoofed the Olympic Games Results App, Skype, Flash Player, Opera and many other top applications. This is not news in the mobile malware world; the FakeInstaller family is one of the most prevalent malware families that we have analyzed. More than 60 ...

McAfee Labs

NGRBot Spreads Via Chat

NGRBot is a worm that propagates through chat messengers, the Internet Relay Chat channel, social networking sites, etc. It steals FTP and browser passwords and can cause a denial of service by flooding. NGRBots use the IRC network for file transfer, sending and receiving commands between zombie network machines and ...

McAfee Labs

‘Police Ransomware’ Preys on Guilty Consciences

“Police ransomware” is big business, generating millions of euros for organized criminal groups. In May, at Europol’s headquarters in The Hague, police officers from 14 EU member states affected by this threat met with representatives from Europol, Eurojust, Interpol, and industry. Police ransomware, as explained on the Europol website, typically ...

McAfee Labs

Facebook Bot Spreads Through Chat Messengers [Updated]

Update from Facebook: The Facebook security team has been actively tracking this botnet and providing McAfee AV to the victims (via Scan and Repair). The sample covered is out of date, and the malware now works differently. Any users infected with this malware should be pointed to the McAfee self-checkpoint on.fb.me/InfectedMcA ...

McAfee Labs

AutoIt and Malware: What’s the Connection?

During the last couple of weeks I’ve come across three malware samples packed using compiled AutoIt scripts, so I decided to explore the connection between AutoIt and the malware world. I took the latest 50 samples marked as AutoIt that were submitted to the free scanning site VirusTotal. Here are the ...
