Featured Blogs
McAfee Labs Unlocks LeChiffre Ransomware
At McAfee Labs we recently received a low-profile ransomware called LeChiffre. Unlike ransomware that is distributed by a spam campaign or...
The Rise of Backdoor-FCKQ (CTB-Locker)
By Raj Samani (@Raj_Samani) and Christiaan Beek (@ChristiaanBeek) In the McAfee Labs Threats Report published in November 2014, Senior Vice...
Locky Ransomware on Rampage With JavaScript Downloader
Locky is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many...
More Details on "Operation Aurora"
Earlier today, George Kurtz posted an entry, ‘Operation “Aurora” Hit Google, Others’,  on the McAfee’s Security Insight blog The purpose...
Zcrypt Expands Reach as ‘Virus Ransomware’
McAfee has recently seen a new kind of ransomware–Zcrypt—that can self-replicate. This “virus ransomware” arrives via email in a malicious...
New Exploit of Sandworm Zero-Day Could Bypass Official Patch
Update of October 25: Some comments posted after we published this report suggest that our proof-of-concept exploit will trigger the...
Cerber Ransomware Updates Configuration File
This blog post was written by Sudhanshu Dubey. McAfee Labs has recently analyzed Version 2 of Cerber, one of the...
Further Analysis of WannaCry Ransomware
McAfee Labs has closely monitored the activity around the ransomware WannaCry. Many sources have reported on this attack and its...
Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack
This blog post was co-written by Michael Rea. During our monitoring of activities around the APT28 threat group, McAfee Advanced...
Remote iPhone Jailbreak Using PDF Exploit Should Serve as Wake-Up Call
Like many iPhone users, I “jailbreak” my iPhone. I do this for many reasons, but mainly for console-level access and...
Product Coverage and Mitigation for CVE-2014-1761 (Microsoft Word)
On March 24, Microsoft released Security Advisory 2953095 for Microsoft Word. In-the-wild exploitation of this vulnerability has been observed across...
Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer)
On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. In-the-wild exploitation of this vulnerability has been observed...
Beware of Impostor Android Apps Using Fake ID
Recently discovered, an Android vulnerability called Fake ID allows apps to impersonate other apps by copying their identity. Each app...
At McAfee, Protecting Customers Takes Precedence Over Seeking Headlines
One question I often hear is “When will McAfee publish a report on the latest threat?” It seems to be...
Malware Mystery: JS/Nemucod Downloads Legitimate Installer
JS/Nemucod is the detection name given to a family of malicious JavaScript downloaders that have appeared in spam campaigns since last year....
Microsoft’s June Patch Kills Potential CFG Bypass
After applying Microsoft’s June patch, we noticed some interesting changes that prevent a security bypass of Windows’ Control Flow Guard...
McAfee AMSI Integration Protects Against Malicious Scripts
This blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee products, and highlights some of the malware we are able to detect with it.
Everyday Hero: 5 Questions with McAfee Labs’ Paula Greve
iWith cybersecurity experts taking center stage this week at the Black Hat conference in Las Vegas, the world is watching...
Zeus Crimeware Toolkit
The Zeus botnet has been in the wild since 2007 and it is among the top botnets active today. This...
AutoIt and Malware: What’s the Connection?
During the last couple of weeks I’ve come across three malware samples packed using compiled AutoIt scripts, so I decided...
Android Phones Vulnerable to Loss of Data, Apps
Recently security researcher Ravi Borgaonkar discussed a vulnerability that caused a Samsung Galaxy SIII to return to a factory reset...
Short-URL Services May Hide Threats
Short-URL services have emerged as a crucial part of the way we use the Internet. With the increasing use of...
Suspicious Mobile App Finds Your Gmail, Facebook, and Twitter Accounts
Today many people use multiple web services, such as social networking and messaging services. Some users explicitly show their identity...
RTF Attack Takes Advantage of Multiple Exploits
This is a joint analysis by Haifei Li, Stanley Zhu, and Jun Xie of McAfee Labs Recently, the rich text...
Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection
Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans...
Floki Bot a Sensation With International Cybercriminals
Floki Bot, new financial malware, is popular with English-, Portuguese-, and Russian-speaking underground criminal markets, winning over cybercriminals with new...
With Release of Windows 10, Questions About BitLocker Arise Again
This post was written by Ted Pan. For those of you who were around during the original release of Microsoft’s...
