Google said in a new blog post that hackers affiliated with the Chinese government have imitated antivirus software McAfee in an attempt to infect victims’ machines with malware. Google says the hackers appear to be the same group that unsuccessfully targeted former Vice President Joe Biden’s presidential campaign with a phishing attack earlier this year. A similar group of hackers based in Iran had tried to target President Trump’s campaign, but was also unsuccessful.
The group, which Google refers to as APT 31 (APT is short for Advanced Persistent Threat), emailed users links that would download malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. Because the group used services like GitHub and Dropbox to carry out the attacks, the attacks were harder to track.
“Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,”
In the McAfee imitation scam, the recipient of the email was asked to install a legitimate version of McAfee software from GitHub, while malware was installed without the user’s knowledge. Huntley noted that when Google detects that a user has been the victim of a government-sponsored attack, it sends them an alert.
The blog post does not mention who was affected by APT 31’s latest attack, but said there had been “increased awareness of the threats posed by the APTs in the US election.” Google shared its findings with the FBI.