Featured Blogs
BackOff Malware Uses Encryption to Hide Its Intentions
Often we see malware authors using encryption or obfuscation along with other techniques to modify the static contents of malware....
CelebGate: a Long, Dangerous List of Celebrities
During the past few days, the media has been abuzz with the massive celebrity photo leak nicknamed CelebGate 2014. The...
Beware of Impostor Android Apps Using Fake ID
Recently discovered, an Android vulnerability called Fake ID allows apps to impersonate other apps by copying their identity. Each app...
Trust Is the Most Valuable Asset
The most valuable asset for actors in cyberspace is trust. It is an important ingredient in successful business operations as...
Adobe Flash Player Installer Scams Reappear on Google Play
Adobe Flash Player has been a boon to Android malware creators for a long time. These developers have taken advantage...
Yahoo Ads Serve Mobile Fake Alerts
“Android Armour,” a malicious knockoff of Armor For Android, has been circulating for some time with no end in sight, perhaps...
Trailing the Trojan njRAT
One Trojan that just won’t go away is the remote access tool njRAT. Microsoft recently took down a leading domain...
Android App SandroRAT Targets Polish Banking Users via Phishing Email
Europe is currently under attack by spammers trying to get control of Android devices. In Germany the distribution method is...
‘DHL’ SMS Spam Distributes Android Malware in Germany
One of the most common methods for distributing PC malware is the use of email spam messages that pose as...
Malicious Utility Can Defeat Windows PatchGuard
In 2012, my colleagues Deepak Gupta and Xiaoning Li explained in a white paper how some malware can operate at...
Targeted Attacks on French Company Exploit Multiple Word Vulnerabilities
Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often...
Dofoil Downloader Update Adds XOR-, RC4-Based Encryption
This blog was written by Sanchit Karve. The Dofoil downloader (found in the wild since 2011) occasionally updates itself with...
CryptoWall Ransomware Built With RC4 Bricks
Last month many Internet users were suddenly forced to trade in Bitcoins. This was not for general purposes–they were paying...
Operation Dragonfly Imperils Industrial Protocol
Recent headlines (here and here) may have struck fear into those living near major energy installations due to references about...
GameOver Zeus/Cryptolocker: Am I Still Infected?
It has been two weeks since the announcement by multiple global law enforcement agencies regarding the takedown of the communications...
A Glance Into the Neutrino Botnet
Lately, we have seen a number of communications through our automated framework from the Neutrino botnet. While analyzing this botnet,...
Information Operations an Integral Part of Cyberwarfare
Weapons and the skills to use them are not the only decisive elements in warfare. Rhetoric and imagery are important,...
Iranian Keylogger Marmoolak Enters via Backdoor
Targeted attacks have several stages, sometimes called the APT kill chain. At McAfee Labs we prefer the model described by...
Necurs, Zbot Use Obfuscated Windows XP Detection to Bypass Analysis
This blog was written by Sanchit Karve. McAfee Labs has recently come across a number of malware samples that drop...
Targeted Attacks, Stolen Certificates, and the Shiqiang Gang
This blog post was written by Rahul Mohandas. The trend of attackers using stolen digital certificates to disguise their malicious...
Cybercrime ‘Highlights’ of First Quarter 2014
As a supplement to the next McAfee Labs Threats Report, which will appear next month, we offer this timeline of...
Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer)
On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. In-the-wild exploitation of this vulnerability has been observed...
iBanking Mobile Trojan Poses as Facebook Token Generator
Mobile banking Trojans have usually pretended to be security applications (for example, Zitmo) or legitimate banking apps (FakeToken or FkSite a.k.a....
iDroid Bot for Sale Taps Into Mobile Wallets
During recent weeks we’ve seen a new botnet kit advertised in several Russian forums. The iDroidbot costs US$1,500 and targets...
Zbot Botnet Steals Thousands of Credentials
In McAfee Labs we keep a close eye on the Zeus/Zbot/Gamover botnet malware that is responsible of thousands of samples...
RTF Zero-Day Attack CVE-2014-1761 Shows Sophistication of Attackers
A serious RTF zero-day attack has struck recently. McAfee detection solutions were provided a couple of days ago that allowed...
RTF Attack Takes Advantage of Multiple Exploits
This is a joint analysis by Haifei Li, Stanley Zhu, and Jun Xie of McAfee Labs Recently, the rich text...
