{"id":50266,"date":"2016-06-06T11:27:53","date_gmt":"2016-06-06T18:27:53","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=50266"},"modified":"2025-06-02T18:56:43","modified_gmt":"2025-06-03T01:56:43","slug":"locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/","title":{"rendered":"Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript"},"content":{"rendered":"<p><em>This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni.<\/em><\/p>\n<p>During the last couple of weeks, McAfee Labs has observed a huge increase in spam related to Locky, a new ransomware threat spread via spam campaigns. The contents of the spam email are carefully crafted to lure victims using social engineering techniques. McAfee Labs\u00a0<a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/\">blogged about Locky\u00a0<\/a>in March. You can read more about Locky in\u00a0the McAfee Labs Threat Advisory. We have recently observed new Locky campaigns and describe them below.<\/p>\n<h2><strong>XOR obfuscation<\/strong><\/h2>\n<p>Locky arrives through a spam email attachment that evades antispam filters and attempts to trick users via social engineering into opening the attachment. Generally, the Locky payloads in these campaigns have not been obfuscated. On May 24\u00a0we first observed a payload obfuscated with\u00a0XOR. XOR (exclusive OR) is a logical operation that\u00a0outputs &#8220;true&#8221; only when its inputs differ. This technique is simple, fast, and generally effective at evading detection. 
In this case the malware was\u00a0XORed with 0xFF.<\/p>\n<p>The XORed payload (hash: 7FD3E08F67C6B8CC4031D056F71B9762) looks like the following snippet:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50267\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-2.jpg\" alt=\"1\" width=\"719\" height=\"602\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/1-2.jpg 719w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/1-2-300x251.jpg 300w\" sizes=\"auto, (max-width: 719px) 100vw, 719px\" \/><\/p>\n<p>After XORing with 0xFF, the sample appears in its original format, the Locky executable:<\/p>\n<p style=\"text-align: justify; line-height: 14.65pt; background: white;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50268\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2-1.jpg\" alt=\"2\" width=\"707\" height=\"604\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2-1.jpg 707w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2-1-300x256.jpg 300w\" sizes=\"auto, (max-width: 707px) 100vw, 707px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>XOR and reverse obfuscation<\/strong><\/h2>\n<p>After a couple of days, we observed another enhanced technique used for obfuscation: XORed and reversed. At first, the malware sample (C60DE80123131AC980F4E49DAD20A89D) looks like a junk file. In fact it was\u00a0XORed with 0x73 and reversed. 
The encrypted malware sample:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50269\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/3-1.jpg\" alt=\"3\" width=\"699\" height=\"581\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/3-1.jpg 699w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/3-1-300x249.jpg 300w\" sizes=\"auto, (max-width: 699px) 100vw, 699px\" \/><\/p>\n<p>This version of the payload comes with an additional last four bytes as a checksum. After XORing with 0x73 the sample appears like this:<\/p>\n<p style=\"text-align: justify; line-height: 14.65pt; background: white;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50270\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/4-1.jpg\" alt=\"4\" width=\"702\" height=\"573\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/4-1.jpg 702w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/4-1-300x245.jpg 300w\" sizes=\"auto, (max-width: 702px) 100vw, 702px\" \/><\/p>\n<p>After removing the checksum and reversing the bytes, it is again a Locky executable.<\/p>\n<h2><strong>JavaScript obfuscation<\/strong><\/h2>\n<p>As expected, the attackers have now come up with a new twist, encoding the downloaded file. This step is a\u00a0new and different deployment behavior to avoid detection. 
In the last couple of days, we have received several samples of this kind.<\/p>\n<p>The zip attachment\u00a0in the spam email contains a\u00a0JavaScript\u00a0file (generally <a href=\"https:\/\/kc.mcafee.com\/resources\/sites\/MCAFEE\/content\/live\/PRODUCT_DOCUMENTATION\/26000\/PD26309\/en_US\/McAfee_Labs_Threat_Advisory_JS-Nemucod.pdf\"><u>Nemucod<\/u><\/a>).\u00a0The infection process follows this path:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50271\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/5-1.jpg\" alt=\"5\" width=\"1234\" height=\"94\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/5-1.jpg 1234w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/5-1-300x23.jpg 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/5-1-768x59.jpg 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/5-1-1024x78.jpg 1024w\" sizes=\"auto, (max-width: 1234px) 100vw, 1234px\" \/><\/p>\n<p>At first, the file looks like highly obfuscated JavaScript and is tough to understand. The last few lines of the script <span class=\"apple-converted-space\"><span style=\"background: white;\">(hash: 7FD3E08F67C6B8CC4031D056F71B9762) <\/span><\/span>look like this:<\/p>\n<p style=\"background: white; vertical-align: baseline; margin: 12.0pt 0cm .0001pt 0cm;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50272\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/6-1.jpg\" alt=\"6\" width=\"669\" height=\"238\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/6-1.jpg 669w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/6-1-300x107.jpg 300w\" sizes=\"auto, (max-width: 669px) 100vw, 669px\" \/><\/p>\n<p>We tried to deobfuscate it by modifying the original script a bit. After deobfuscating, we found another layer of obfuscated JavaScript, but this time more readable. 
Here is the modified script that dumps the first layer of deobfuscated script.<\/p>\n<p style=\"background: white; vertical-align: baseline; margin: 12.0pt 0cm .0001pt 0cm;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50273\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/7-1.jpg\" alt=\"7\" width=\"680\" height=\"326\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/7-1.jpg 680w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/7-1-300x144.jpg 300w\" sizes=\"auto, (max-width: 680px) 100vw, 680px\" \/><\/p>\n<p>After removing the first layer of obfuscation, parts of code become more visible. Now we can see the obfuscated URLs that\u00a0download the payloads once fully deobfuscated.<\/p>\n<p style=\"text-align: justify; background: white; vertical-align: baseline; margin: 12.0pt 0cm .0001pt 0cm;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50274\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/8-1.jpg\" alt=\"8\" width=\"724\" height=\"243\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/8-1.jpg 724w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/8-1-300x101.jpg 300w\" sizes=\"auto, (max-width: 724px) 100vw, 724px\" \/><\/p>\n<p>After the second layer of deobfuscation, we finally obtain more visible code. 
Here we can see the URLs of three compromised websites from which the script\u00a0tries to download the payload.<\/p>\n<p style=\"text-align: justify; background: white; vertical-align: baseline; margin: 12.0pt 0cm .0001pt 0cm;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50275\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/9-1.jpg\" alt=\"9\" width=\"603\" height=\"172\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/9-1.jpg 603w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/9-1-300x86.jpg 300w\" sizes=\"auto, (max-width: 603px) 100vw, 603px\" \/><\/p>\n<p>The\u00a0script will try the second URL if the first download fails, and so on.\u00a0If successful, it downloads the encoded payload, which at first looks like a junk file.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50276\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/10-1.jpg\" alt=\"10\" width=\"696\" height=\"462\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/10-1.jpg 696w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/10-1-300x199.jpg 300w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/p>\n<p>Let&#8217;s take a look at the steps to decode the junk file:<\/p>\n<p><em>Step 1:<\/em> Validate the downloaded file by calculating its checksum. 
The body of this function follows:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50277\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/11-1.jpg\" alt=\"11\" width=\"758\" height=\"244\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-1.jpg 758w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-1-300x97.jpg 300w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/p>\n<p><em>Step 2:<\/em>\u00a0Reverse the whole file using the JavaScript reverse() method.<\/p>\n<p><em>Step 3:<\/em>\u00a0Run the decryption algorithm on the reversed file. After successful decryption, we see the payload is Locky. We have seen two variants so far, with the only change being Key2. The pseudocode for the decryption mechanism follows:<\/p>\n<p><em>Variant 1:<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50278\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/12-2.jpg\" alt=\"12\" width=\"667\" height=\"177\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/12-2.jpg 667w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/12-2-300x80.jpg 300w\" sizes=\"auto, (max-width: 667px) 100vw, 667px\" \/><\/p>\n<p><em>Variant 2:\u00a0<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50279\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/13-1.jpg\" alt=\"13\" width=\"672\" height=\"180\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/13-1.jpg 672w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/13-1-300x80.jpg 300w\" sizes=\"auto, (max-width: 672px) 100vw, 672px\" \/><\/p>\n<p><em>Step 4:<\/em> After decoding, the script checks the file size and looks for a valid\u00a0MZ\u00a0signature. If the check fails, it repeats the process in search of a valid payload. 
The body of the check function looks like this:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50280\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/14-1.jpg\" alt=\"14\" width=\"590\" height=\"387\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/14-1.jpg 590w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/14-1-300x197.jpg 300w\" sizes=\"auto, (max-width: 590px) 100vw, 590px\" \/><\/p>\n<p><em>Step 5:<\/em>\u00a0The script executes the payload after Step 4 is successful.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-50281\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/15-1.jpg\" alt=\"15\" width=\"369\" height=\"72\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/15-1.jpg 369w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/15-1-300x59.jpg 300w\" sizes=\"auto, (max-width: 369px) 100vw, 369px\" \/><\/p>\n<p>The cat-and-mouse game between ransomware developers and security vendors goes on. We can expect ransomware to continue to display new evasion techniques.<\/p>\n<p>McAfee advises users to keep their antimalware signatures up to date at all times. McAfee products detect this malicious JavaScript and the Locky payload as JS\/Nemucod and Ransomware-Locky.a!enc, respectively,\u00a0with DAT Versions 8183 and later.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. 
During the last couple of weeks,&#8230;<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[338,180],"coauthors":[3973],"class_list":["post-50266","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-endpoint-protection","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. 
During the last couple of weeks, McAfee Labs has\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-06T18:27:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T01:56:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/1-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"719\" \/>\n\t<meta property=\"og:image:height\" content=\"602\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript\",\"datePublished\":\"2016-06-06T18:27:53+00:00\",\"dateModified\":\"2025-06-03T01:56:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/\"},\"wordCount\":706,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-2.jpg\",\"keywords\":[\"endpoint protection\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/\",\"name\":\"Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-2.jpg\",\"datePublished\":\"2016-06-06T18:27:53+00:00\",\"dateModified\":\"2025-06-03T01:56:43+00:00\",\"description\":\"This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-2.jpg\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-2.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other 
Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"ur
l\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}