{"id":23730,"date":"2013-04-08T03:06:37","date_gmt":"2013-04-08T10:06:37","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=23730"},"modified":"2025-06-03T21:53:30","modified_gmt":"2025-06-04T04:53:30","slug":"phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/","title":{"rendered":"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection"},"content":{"rendered":"<p><em>This blog was written by Sanchit Karve.<\/em><\/p>\n<p>Last week, we noticed thousands of <a href=\"https:\/\/www.mcafee.com\/en-us\/antivirus\/malware.html\">malware<\/a> files in the wild that employ a simple phishing attack by modifying the <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc751132.aspx\" target=\"_blank\" rel=\"noopener\">hosts file<\/a> on Windows systems. What&#8217;s interesting, however, is the technique chosen by the malware authors to distribute their payload. The samples in question (Example MD5: <a href=\"https:\/\/www.virustotal.com\/en\/file\/030760c3fc4da6e8ee5ea4178027acd2a86e915453189aa48c2b608305b644a2\/analysis\/\">34d9b42bfd64c6f752fe27eef8d80c5f<\/a>) are packaged in a ZIP file along with a 0-byte readme.txt file.<\/p>\n<p>Usually, ZIP files start with the ZIP signature 0x04034B50 (or &#8220;PK&#8221;, 03, 04), but in this case the author chose to insert the UTF-8 Byte Order Mark (BOM) (represented as 0xEFBBBF) before the ZIP header.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"padding-top: 0px; padding-left: 0px; padding-right: 0px; border-width: 0px;\" title=\"sanchitkarve_ziputf8\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png\" alt=\"sanchitkarve_ziputf8\" width=\"615\" height=\"56\" border=\"0\" \/><\/p>\n<p>Unicode BOMs are often used to indicate the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Endianness\">endianness<\/a> of encoded textual data. It is redundant for UTF-8 data, as byte order has no meaning in UTF-8, which is why the <a title=\"Page 36 of Chapter 2\" href=\"http:\/\/www.unicode.org\/versions\/Unicode5.0.0\/ch02.pdf\" target=\"_blank\" rel=\"noopener\">Unicode Standard<\/a> leaves it as optional and does not recommend its use. Despite this, it is not uncommon to see UTF-8 BOMS in text files and data streams. For example, many popular applications (Notepad, Google Docs, etc.) use the UTF-8 BOM to explicitly state that a document is encoded with UTF-8.<\/p>\n<p>Because the ZIP file is prefixed with the UTF-8 BOM, it tricks many applications into assuming that the file is a UTF-8-encoded text file. For example, when such a file is opened by Windows 7, the OS complains that such a ZIP file is invalid. Some third-party archive programs, such as 7-Zip, WinRAR, and some others ignore the BOM and read the ZIP file correctly.<\/p>\n<p>Because the only way to run the file is to manually extract and execute it, the malware authors expect their victims to have third-party archiver applications installed on their computers.<\/p>\n<p>It is also likely that the authors using this technique want to evade detection from antivirus products and email spam filters that adhere strictly to the ZIP format. Even though most of the samples are virtually the same, they generate unique hashes due to the varying timestamp fields embedded in the ZIP header as well as differences in the installers&#8217; overlay sections caused by varying application names.<\/p>\n<p>As for the sample itself, the main payload is an installer that always bears one or more of the following words: Golaya, Russkaya, or Devochka (which together roughly translates to &#8220;Naked Russian Girls&#8221; in Russian).<\/p>\n<p>This installer silently executes batch and VBScript files to modify the hosts file on a victim&#8217;s machine and map IP addresses to popular Russian websites as shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"padding-top: 0px; padding-left: 0px; padding-right: 0px; border-width: 0px;\" title=\"sanchitkarve_hostsFile\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_hostsFile.png\" alt=\"sanchitkarve_hostsFile\" width=\"586\" height=\"388\" border=\"0\" \/><\/p>\n<p>When users visit one of these websites, instead of being connected to the site&#8217;s IP, they are instead connected to the IP address listed against the site name in the hosts file. Like any other phishing attack, the page hosted at the IP address in the hosts file looks almost like the original site, and is the perfect bait to lure users into unknowingly giving away their account credentials.<\/p>\n<p>This threat has been growing steadily over the past few days. VirusTotal reports that it currently has more than 5 million submissions of this malware family.<\/p>\n<h2>McAfee Detects Trojan-SkyHook, Agent-FBH, and Agent FBX<\/h2>\n<p>McAfee detects this threat as Trojan-SkyHook, Agent-FBH and Agent-FBX.<br \/>\nThanks to my colleague Srinivasa Kanamatha for discovering the anomaly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ&#8230;<\/p>\n","protected":false},"author":695,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[18],"coauthors":[4136],"class_list":["post-23730","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-network-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-04-08T10:06:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-04T04:53:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection\",\"datePublished\":\"2013-04-08T10:06:37+00:00\",\"dateModified\":\"2025-06-04T04:53:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/\"},\"wordCount\":551,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png\",\"keywords\":[\"network security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/\",\"name\":\"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png\",\"datePublished\":\"2013-04-08T10:06:37+00:00\",\"dateModified\":\"2025-06-04T04:53:30+00:00\",\"description\":\"This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection | McAfee Blog","description":"This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection | McAfee Blog","og_description":"This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2013-04-08T10:06:37+00:00","article_modified_time":"2025-06-04T04:53:30+00:00","og_image":[{"url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png","type":"","width":"","height":""}],"author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection","datePublished":"2013-04-08T10:06:37+00:00","dateModified":"2025-06-04T04:53:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/"},"wordCount":551,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png","keywords":["network security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/","name":"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png","datePublished":"2013-04-08T10:06:37+00:00","dateModified":"2025-06-04T04:53:30+00:00","description":"This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/sanchitkarve_ziputf8.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-threat-uses-utf-8-bom-in-zip-signature-to-evade-detection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/23730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=23730"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/23730\/revisions"}],"predecessor-version":[{"id":215045,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/23730\/revisions\/215045"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=23730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=23730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=23730"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=23730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}