Featured Blogs
Android Malware Clicker.G!Gen Found on Google Play
Recently the Mobile Malware Research Team of McAfee found on Google Play a new campaign of Android/Clicker.G in dozens of...
Android Malware Appears Linked to Lazarus Cybercrime Group
This blog was written by Inhee Han. The McAfee Mobile Research team recently examined a new threat, Android malware that...
Android DIY DoS App Boosts Hacktivism in South America
Hacktivism has become very popular in recent years; one of its leading agents is the online community Anonymous. Hacktivist groups...
Android Devices Potentially Compromised by Judy App Weaknesses
We’ve seen cyberattacks truly embody their names as of late, given how the massive WannaCry ransomware attack left quite a...
Android Click-Fraud Apps Briefly Return to Google Play
Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior...
Android Click-Fraud App Repurposed as DDoS Botnet
The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples...
Android Banking Trojan MoqHao Spreading via SMS Phishing in South Korea
Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS messages phishing texts (also...
Android Banking Trojan Asks for Selfie With Your ID
In the first half of 2016 we noticed that Android banking Trojans had started to improve their phishing overlays on legitimate financial...
Android Banking Trojan ‘SpyLocker’ Targets More Banks in Europe
Since the discovery of the Android banking Trojan SpyLocker, McAfee has closely monitored this threat. SpyLocker first appeared disguised as...
Android App SandroRAT Targets Polish Banking Users via Phishing Email
Europe is currently under attack by spammers trying to get control of Android devices. In Germany the distribution method is...
Android App Contains Windows Worm
When developers are unaware of security they open the door to threats against their customers and users. We are not...
Analyzing the Uroburos PatchGuard Bypass
A few weeks ago G Data Software released a report detailing alleged intelligence agency software. Following the release of that report,...
Analyzing the Target Point-of-Sale Malware
January 21, 2014: As more information comes to light, surrounding these events, we continue to identify and analyze additional components...
Analyzing the Recent Windows Zero-Day Escalation of Privilege Exploit
Recently we caught a malicious sample that exploits a PDF vulnerability–CVE-2013-3346, we believe–and executes after a use-after-free condition occurs. During...
Analyzing the First ROP-Only, Sandbox-Escaping PDF Exploit
The winter of 2013 seems to be “zero-day” season. Right after my colleague Haifei Li analyzed the powerful Flash zero...
Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical...
Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826
McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented research on the Office...
Analyzing KillDisk Ransomware, Part 2: Variants and Screen Unlocking
This blog post was written by Sudhanshu Dubey. At McAfee Labs we recently analyzed the ransomware KillDisk. In part 1 of...
Analyzing KillDisk Ransomware, Part 1: Whitelisting
This blog post was written by Sudhanshu Dubey. At McAfee Labs we recently analyzed the ransomware KillDisk. We will share...
Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+
Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video...
Analyzing CVE-2017-9791: Apache Struts Vulnerability Can Lead to Remote Code Execution
Apache Struts is a model-view-controller framework for creating Java web applications. Struts has suffered from a couple of vulnerabilities using...
Analyzing CVE-2017-3731: Truncated Packets Can Cause Denial of Service in OpenSSL
OpenSSL is a popular open-source library for SSL and is used by various software and companies across the world. In...
Analyzing CVE-2017-0190: WMF Flaws Can Lead to Data Theft, Code Execution
CVE-2017-0190 is a recently patched vulnerability related to Windows metafiles (WMFs), a portable image format mainly used by 16-bit Windows...
Analyzing CVE-2016-9311: NTPD Vulnerability Can Lead to Denial of Service
The network time protocol synchronizes time across various devices on a network. The network time protocol daemon (NTPD) is an...
Analyzing and Identifying Issues with the Microsoft Patch for CVE-2018-8423
Introduction As of July 2019, Microsoft has fixed around 43 bugs in the Jet Database Engine. McAfee has reported a...
Analyzing a Patch of a Virtual Machine Escape on VMware
This blog was written by Yakun Zhang. A virtual machine is a completely isolated guest operating system installation within a...
Analyzing a Fresh Variant of the Dorkbot Botnet
This blog post was written by Sudhanshu Dubey. At McAfee Labs, we have recently observed a new variant of the...
