Featured Blogs
Android/LeifAccess.A is the Silent Fake Reviewer Trojan
The McAfee Mobile Research team has identified an Android malware family dubbed Android/LeifAccess.A that has been active since May 2019....
Ransomware Maze
Executive Summary: The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019...
Nemty Ransomware – Learning by Doing
Executive Summary: The McAfee Advanced Threat Research Team (ATR) observed a new ransomware family named ‘Nemty’ on 20 August 2019....
COVID-19 Threat Update – now includes Blood for Sale
Although the use of global events as a vehicle to drive digital crime is hardly surprising, the current outbreak of...
Transitioning to a Mass Remote Workforce – We Must Verify Before Trusting
While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we...
MalBus Actor Changed Market from Google Play to ONE Store
Authored by: Sang Ryol Ryu and Chanung Pak. McAfee Mobile Research team has found another variant of MalBus on an...
Tales From the Trenches; a Lockbit Ransomware Story
Co-authored by Marc RiveroLopez. In collaboration with Northwave. As we highlighted previously across two blogs, targeted ransomware attacks have increased...
Cybercriminals Actively Exploiting RDP to Target Remote Organizations
The COVID-19 pandemic has prompted many companies to enable their employees to work remotely and, in a large number of...
ENS 10.7 Rolls Back the Curtain on Ransomware
Ransomware protection and incident response is a constant battle for IT, security engineers and analysts under normal circumstances, but with...
COVID-19 – Malware Makes Hay During a Pandemic
Special thanks to Prajwala Rao, Oliver Devane, Shannon Cole, Ankit Goel and members of Malware Research for their contribution and...
How To Use McAfee ATP to Protect Against Emotet, LemonDuck and PowerMiner
Introduction: This blog describes how McAfee ATP (Adaptive Threat Protection) rules are used within McAfee Endpoint Security products. It will...
OneDrive Phishing Awareness
There are a number of ways scammers target personal information and, currently, one example is that they are taking advantage...
RagnarLocker Ransomware Threatens to Release Confidential Information
Executive Summary: The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a...
What’s in the Box? Part II: Hacking the iParcelBox
Package delivery is just one of those things we take for granted these days. This is especially true in the...
My Adventures Hacking the iParcelBox
In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO...
Ripple20 Vulnerability Mitigation Best Practices
On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting...
McAfee COVID-19 Report Reveals Pandemic Threat Evolution
The McAfee Advanced Threat Research team today published the McAfee® Labs COVID-19 Threats Report, July 2020. In this “Special Edition”...
Hunting for Blues – the WSL Plan 9 Protocol BSOD
Windows Subsystem for Linux Plan 9 Protocol Research Overview: This is the final blog in the McAfee research series trilogy...
Six Hundred Million Reasons to Celebrate: No More Ransom Turns FOUR!!
Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors, from 188 countries,...
Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?
Executive Summary: We are in the midst of an economic slump [1], with more candidates than there are jobs, something...
McAfee Defender’s Blog: Operation North Star Campaign
Building Adaptable Security Architecture Against the Operation North Star Campaign. Operation North Star Overview: Over the last few months, we...
McAfee Defender’s Blog: NetWalker
Building Adaptable Security Architecture Against NetWalker. NetWalker Overview: The NetWalker ransomware, initially known as Mailto, was first detected in August...
Call an Exorcist! My Robot’s Possessed!
Overview: As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at...
Take a “NetWalk” on the Wild Side
Executive Summary: The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were...
Robot Character Analysis Reveals Trust Issues
Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every...
Ripple20 Critical Vulnerabilities – Detection Logic and Signatures
This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the...
Vulnerability Discovery in Open Source Libraries Part 1: Tools of the Trade
Executive Summary Open source has become the foundation for modern software development. Vendors use open source software to stay competitive...