New Delhi: Tech giant Google has warned that hackers with links to the Chinese government are posing as genuine antivirus providers such as McAfee to trick people into installing malware. According to Google, the group APT 31 is suspected of using the technique. In Google’s official blog, Shane Huntley, the head of Google’s Threat Analysis Group, said that in one of the group’s phishing attempts, the hackers sent users email links that led them to malware hosted on the software development platform GitHub. The Windows-based malware was built using the Python programming language. The implant used Dropbox for command and control and allowed the attacker to upload and download files as well as execute arbitrary commands.
‘Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,’ wrote Huntley in the blog post.
Huntley said that in one of the attempts the hackers posed as McAfee. ‘The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while the malware was simultaneously silently installed to the system.’
The group was also responsible for the recent hack of both Joe Biden’s and Donald Trump’s presidential campaigns. The attackers had sent emails to staffers who were handling the presidential campaigns.
Google also said that attackers have evolved their tactics during the pandemic and that it has ‘observed threat actors from China, Russia, and Iran targeting pharmaceutical companies and researchers involved in vaccine development efforts’. Earlier this year, Chinese hackers were also accused of trying to steal valuable information from the US biotech company Moderna Inc, which is working on a vaccine candidate for COVID-19.