{"id":37777,"date":"2014-09-08T14:58:02","date_gmt":"2014-09-08T21:58:02","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=37777"},"modified":"2025-05-27T22:47:55","modified_gmt":"2025-05-28T05:47:55","slug":"backoff-malware-resorts-encryption-hide-intentions","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/","title":{"rendered":"BackOff Malware Uses Encryption to Hide Its Intentions"},"content":{"rendered":"<p>Malware authors often use encryption or obfuscation, along with other techniques, to modify the static contents of malware. They do this to evade static-based clustering and detection even though the behavior is the same. In many cases obfuscation also helps hide the threat&#8217;s malicious intentions from security researchers.<\/p>\n<h2>BackOff Malware Explained<\/h2>\n<p>BackOff, a point-of-sale malware designed to steal banking login credentials, is one of the latest to use this method. BackOff creates a fake Oracle Java folder and then drops javaw.exe, a copy of the malware binary, in the appdata folder. This name mimics the legitimate Java file from Oracle. Once the malware has been copied into appdata, the original copy of the malware is deleted. A log file (log.txt) is created to store all keystrokes. 
For example, if the victim types &#8220;testing 1 2 3 This is a test,&#8221; the log file will store it in the following fashion:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37783\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p2.png\" alt=\"p2\" width=\"871\" height=\"81\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/p2.png 871w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/p2-300x27.png 300w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" \/><\/a><\/p>\n<p>The malware not only stores the time and date, but also preserves letter case while logging the victim&#8217;s keystrokes. This makes sense because banking and other important credentials are generally case sensitive.<\/p>\n<p>In an earlier variant there was no visible attempt to hide these behaviors. As the following strings show, the creation of the fake javaw.exe and the keylogging activity are both visible in plaintext in the malware.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-37786\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p4.png\" alt=\"p4\" width=\"349\" height=\"103\" \/><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37785\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p3.png\" alt=\"p3\" width=\"471\" height=\"103\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/p3.png 471w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/p3-300x65.png 300w\" sizes=\"auto, (max-width: 471px) 100vw, 471px\" \/><\/a><\/p>\n<p>Some binaries of this malware were so user friendly that they had proper comments to make sure that even a script kiddie could make proper use of them. 
For example, the following binary has the comment &#8220;edit with your URL&#8221; so that the keylogs can be uploaded to the controller&#8217;s site.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37788\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p5.png\" alt=\"p5\" width=\"191\" height=\"74\" \/><\/a><\/p>\n<p>However, the most recent binaries are not so open. The new samples, despite behaving the same way, do not have any obvious static content. The following segment of the variant shows no readable strings.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/P6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37789\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/P6.png\" alt=\"P6\" width=\"152\" height=\"85\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/P6.png 152w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/P6-150x85.png 150w\" sizes=\"auto, (max-width: 152px) 100vw, 152px\" \/><\/a><\/p>\n<p>We found that the malware uses an extensive encryption algorithm to hide the data revealed in the older variant. 
The following shows a section of the decryption loop.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p11.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37794\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p11.png\" alt=\"p11\" width=\"389\" height=\"259\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/p11.png 389w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/p11-300x199.png 300w\" sizes=\"auto, (max-width: 389px) 100vw, 389px\" \/><\/a><\/p>\n<p>This code, expressed as a simple statement, reads:<\/p>\n<p><em>a[counter] = ((a[counter+1]-v) and k) or ((shiftleft(a[counter]-v, 4) xor key[i]))<\/em><\/p>\n<p>Here a[counter] is the encrypted array, key[i] is an array consisting of a hardcoded key that is repeated once it is fully exhausted, and v is another fixed value that alternates on each cycle of the loop. In this case, for example, it is 0x6c on odd iterations and 0x41 on even ones. 
And k is a fixed constant.<\/p>\n<p>After decryption we can observe that the control server is visible.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p12.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37796\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p12.jpg\" alt=\"p12\" width=\"211\" height=\"97\" \/><\/a><\/p>\n<p>This site is blacklisted by McAfee SiteAdvisor.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/pq1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37797\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/pq1.png\" alt=\"pq1\" width=\"544\" height=\"184\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/pq1.png 544w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/pq1-300x101.png 300w\" sizes=\"auto, (max-width: 544px) 100vw, 544px\" \/><\/a><\/p>\n<p>McAfee provides generic coverage for both plain and encrypted variants of BackOff, respectively, as &#8220;BackOff!&#8221; and &#8220;EncBackOff!&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Often we see malware authors using encryption or obfuscation along with other techniques to modify the static contents of malware&#8230;.<\/p>\n","protected":false},"author":695,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,76,180],"coauthors":[4136],"class_list":["post-37777","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybercrime","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>BackOff Malware Uses Encryption to Hide Its Intentions | McAfee Blog<\/title>\n<meta name=\"description\" 
content=\"Often we see malware authors using encryption or obfuscation along with other techniques to modify the static contents of malware. They do this to evade\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BackOff Malware Uses Encryption to Hide Its Intentions | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Often we see malware authors using encryption or obfuscation along with other techniques to modify the static contents of malware. They do this to evade\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2014-09-08T21:58:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T05:47:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/p2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"871\" \/>\n\t<meta property=\"og:image:height\" content=\"81\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"BackOff Malware Uses Encryption to Hide Its Intentions\",\"datePublished\":\"2014-09-08T21:58:02+00:00\",\"dateModified\":\"2025-05-28T05:47:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/\"},\"wordCount\":474,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p2.png\",\"keywords\":[\"computer security\",\"cybercrime\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/\",\"name\":\"BackOff Malware Uses Encryption to Hide Its Intentions | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p2.png\",\"datePublished\":\"2014-09-08T21:58:02+00:00\",\"dateModified\":\"2025-05-28T05:47:55+00:00\",\"description\":\"Often we see malware authors using encryption or obfuscation along with other techniques to modify the static contents of malware. They do this to evade\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p2.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/p2.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/backoff-malware-resorts-encryption-hide-intentions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee 
Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"BackOff Malware Uses Encryption to Hide Its Intentions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee 
Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/37777","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=37777"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/37777\/revisions"}],"predecessor-version":[{"id":214567,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/37777\/revisions\/214567"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=37777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=37777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=37777"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=37777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}