Nuked Google says hackers have been impersonating antivirus software McAfee to try to infect victims’ machines with malware. The hackers appear to be the same group that failed to target Joe Biden’s presidential campaign earlier this year.
Google calls the group apt 31 (short for advanced persistent threat). It would email links to users which would download malware hosted on GitHub. The group used services like GitHub and Dropbox to carry out the attacks.
‘every malicious piece of this attack was hosted on legitimate services,’ says head of Google’s threat analysis group Shane Huntley.
In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub. When Google detects that a user has been the victim of a government-backed attack, it sends them a warning.
