Featured Blogs
McAfee Defender’s Blog: Cuba Ransomware Campaign
Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations...
BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google...
McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: April 2021. In this edition, we present...
Clever Billing Fraud Applications on Google Play: Etinu
Authored by: Sang Ryol Ryu and Chanung Pak A new wave of fraudulent apps has made its way to the...
Access Token Theft and Manipulation Attacks – A Door to Local Privilege Escalation
Executive Summary Many malware attacks designed to inflict damage on a network are armed with lateral movement capabilities. Post initial...
“Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards
Preface Countries all over the world are racing to achieve so-called herd immunity against COVID-19 by vaccinating their populations. From...
How to Stop the Popups
McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying...
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian...
Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit
Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server...
DarkSide Ransomware Victims Sold Short
Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the...
Scammers Impersonating Windows Defender to Push Malicious Windows Apps
Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts Recent campaigns pose as a Windows Defender...
A New Program for Your Peloton – Whether You Like It or Not
Executive Summary The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help developers...
Are Virtual Machines the New Gold for Cyber Criminals?
Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale...
McAfee Labs Report Highlights Ransomware Threats
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: June 2021. In this edition we introduce...
New Ryuk Ransomware Sample Targets Webservers
Executive Summary Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the...
Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+
Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video...
Fuzzing ImageMagick and Digging Deeper into CVE-2020-27829
Introduction: ImageMagick is a hugely popular open source software that is used in lot of systems around the world. It...
Fighting new Ransomware Techniques with McAfee’s Latest Innovations
In 2021 ransomware attacks have been dominant among the bigger cyber security stories. Hence, I was not surprised to see...
Zloader With a New Infection Technique
This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware...
Hancitor Making Use of Cookies to Prevent URL Scraping
This blog was written by Vallabh Chole & Oliver Devane Over the years, the cybersecurity industry has seen many threats...
Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems?
Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating...
REvil Ransomware Uses DLL Sideloading
This blog was written byVaradharajan Krishnasamy, Karthickkumar, Sakshi Jaiswal Introduction Ransomware attacks are one of the most common cyber-attacks among...
An Overall Philosophy on the Use of Critical Threat Intelligence
The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and...
XLSM Malware with MacroSheets
Written by: Lakshya Mathur Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw...
The Rise of Deep Learning for Detection and Classification of Malware
Co-written by Catherine Huang, Ph.D. and Abhishek Karnik Artificial Intelligence (AI) continues to evolve and has made huge progress over the last decade. AI shapes our daily lives. Deep learning is a subset of techniques in AI that...
Phishing Android Malware Targets Taxpayers in India
Authored by ChanUng Pak McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending...
Android malware distributed in Mexico uses Covid-19 to steal financial credentials
Authored by Fernando Ruiz McAfee Mobile Malware Research Team has identified malware targeting Mexico. It poses as a security banking tool or as a bank...
