China-backed hackers disguised as McAfee security staff to trick users into downloading malware into their device, according to Google.
The hackers urge the users to download a valid version of McAfee anti-virus software from GitHub, however, instead of the software, malware gets installed into the system inconspicuously.
The Threat Analysis Group from Google that is responsible for stopping cyberattacks, identified the activity and sent them a warning. According to Google, the findings were shared with the Federal Bureau of Investigation.
Shane Huntley, the head of Google’s Threat Analysis Group talked about the attacks that were sponsored by the Chinese government. These type of attacks are also known as APT-31 attacks and are mainly aimed to hinder or influence political movements and elections.
The threats came right before the presidential elections in America and grew rapidly in numbers over the months. Google said that the company sent 10,316 warnings about ‘government-backed attacks’ in July to September.
The miscreant group attacked campaign staffers’ personal emails with credential phishing attacks and emails with tracking links. Another such malware campaign used the same email links to install malware through GitHub on users’ PC. The malware was a Python-based implant that used file sharing service Dropbox to make commands and control various functionalities of a PC. Once planted, the malware allowed hackers to upload and download files and make arbitrary commands.
Since all the malware attacks were hosted on legitimate services, it was difficult for defenders to find an anomaly on network signals and raise a concern, said Google.
Microsoft also noted the increase in malware attacks on people and organisations who are involved with the presidential elections back in September. The tech giant stated that the Russian cybercrime group Strontium attacked more than 200 organisations including political campaigns, advocacy groups, parties and political consultants.
Moreover, other cybercrime groups such as Zirconium and Phosphorus from China and Iran respectively attacked high-profile users who were involved with the election.
Google also noted that it had thwarted previous attempts to hijack email accounts of campaign staffers with President Donald Trump and Democratic nominee Joe Biden in June.