Foreign hackers who have been trying to break into the Biden and Trump campaigns are now using lures that impersonate McAfee antivirus software, a YouTube spam network and malware that uses Dropbox for command and control, Google said in a report.
After revealing in June that Chinese and Iranian hackers attempted phishing against the personal email accounts of staffers on the Biden and Trump campaigns, Google outlined other Advanced Persistent Threats (APTs), a term usually reserved for nation-state actors.
“As part of our wider tracking of APT31 activity, we’ve also seen them deploy targeted malware campaigns,” Google said in its report. The groups are suspected of collecting information on behalf of foreign governments and state-backed entities, including the Chinese government and Chinese state-owned enterprises.
Some of the threats include:
- Dropbox: One APT31 campaign used malicious email links that downloaded malware from the Microsoft-owned GitHub. The malware used Dropbox “for command and control,” meaning the attacker sent instructions and collected results through the file-sharing service rather than through infrastructure of their own; it let the attacker upload and download files and execute commands on the infected machine.
- McAfee: In another instance, attackers impersonated McAfee antivirus software. Targets were prompted to install a legitimate version of McAfee antivirus software hosted on GitHub.
- YouTube: Google has been tracking a large spam network linked to China that is running an “influence operation,” primarily on YouTube. The operators acquire or hijack existing accounts and post “spammy content,” much of it harmless material about, for example, animals, music or food. Some of the spam channels post videos about current events, and a “small subset” of those cover events in the U.S., including protests, the wildfires on the West Coast and COVID-19.
- COVID-19: Over the summer, hackers from China, Russia and Iran targeted pharmaceutical companies and researchers involved in vaccine development efforts, Google said. In September, Google started to see multiple North Korean groups targeting COVID-19 researchers and pharmaceutical companies.
- DDoS (Distributed Denial of Service): DDoS attacks, which aim to bring down a website by flooding it with requests, have been increasing, Google noted.
One of the bigger concerns is malware that is hosted on, or communicates through, legitimate services such as GitHub and Dropbox, an expert told Fox News.
“By hosting malware on legitimate websites, threat actors can bypass automated defenses by abusing the many genuine websites that often won’t be blocked for business reasons, thus offering a window of opportunity to evade early detection,” Austin Merritt, cyber threat intelligence analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, told Fox News.
“In these cases, victims appear to [receive] legitimate notifications about software updates or antivirus notifications from third-party vendors,” Merritt added. “If these notifications are clicked on, it can provide threat actors access to internal networks, the opportunity to launch further cyberattacks, or the ability to exfiltrate information they seek.”
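The Dropbox-based command and control described in the report and Merritt's point about legitimate services slipping past automated blocking come down to the same detection problem: the destination cannot simply be blocked, so the behaviour of the traffic has to be inspected instead. The following is an added example, not code from Google's report or from Digital Shadows. It runs a simple periodicity check over constructed proxy log lines (the addresses, hostnames, paths and user agents are invented for illustration) and flags a host that contacts the Dropbox API at fixed intervals from a non-browser client, while leaving irregular browser traffic and the assumed desktop client alone.

```python
"""Toy beacon detector for traffic to legitimate cloud services.

Added example: not part of the Google report or Digital Shadows' tooling.
It parses constructed proxy log lines and flags hosts that talk to a watched
service at near-constant intervals with a non-browser user agent, which is how
malware using a file-sharing site for command and control tends to look in logs.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic). Format is assumed:
# <ISO timestamp> <client IP> <method> <URL> ua="<user agent>" bytes=<n>
SAMPLE_LOG = """\
2020-10-16T09:00:00Z 10.0.0.12 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=512
2020-10-16T09:00:05Z 10.0.0.12 GET https://raw.githubusercontent.com/example/repo/main/update.bin ua="python-requests/2.24.0" bytes=204800
2020-10-16T09:05:01Z 10.0.0.12 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=512
2020-10-16T09:10:00Z 10.0.0.12 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=514
2020-10-16T09:15:00Z 10.0.0.12 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=512
2020-10-16T09:20:00Z 10.0.0.12 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=513
2020-10-16T09:01:00Z 10.0.0.7 GET https://api.dropboxapi.com/2/users/get_current_account ua="Mozilla/5.0 (Windows NT 10.0) Firefox/81.0" bytes=2048
2020-10-16T09:02:30Z 10.0.0.7 POST https://content.dropboxapi.com/2/files/upload ua="Mozilla/5.0 (Windows NT 10.0) Firefox/81.0" bytes=1048576
2020-10-16T09:40:00Z 10.0.0.7 GET https://api.dropboxapi.com/2/files/list_folder ua="Mozilla/5.0 (Windows NT 10.0) Firefox/81.0" bytes=4096
2020-10-16T10:15:00Z 10.0.0.7 GET https://api.dropboxapi.com/2/files/list_folder ua="Mozilla/5.0 (Windows NT 10.0) Firefox/81.0" bytes=4096
2020-10-16T10:16:00Z 10.0.0.7 POST https://content.dropboxapi.com/2/files/upload ua="Mozilla/5.0 (Windows NT 10.0) Firefox/81.0" bytes=65536
2020-10-16T09:00:00Z 10.0.0.20 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=512
2020-10-16T09:01:00Z 10.0.0.20 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=512
2020-10-16T09:30:00Z 10.0.0.20 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=512
2020-10-16T09:31:00Z 10.0.0.20 POST https://api.dropboxapi.com/2/files/list_folder ua="python-requests/2.24.0" bytes=512
"""

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) https?://(?P<host>[^/\s]+)\S* '
    r'ua="(?P<ua>[^"]*)" bytes=(?P<bytes>\d+)$'
)

# Legitimate services a URL allow-list will not block, so content filtering
# alone cannot catch traffic to them. Hostnames are an assumed watch-list.
WATCHED_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com", "raw.githubusercontent.com"}
# Assumed markers of legitimate clients (browsers, the official desktop app).
BENIGN_UA = re.compile(r"Mozilla/|Dropbox-Desktop")


def parse_log(text):
    """Parse log lines into dicts; silently skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["bytes"] = int(d["bytes"])
        events.append(d)
    return events


def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Return (src, host, mean_interval_s, ua) for periodic non-browser traffic.

    A group is flagged when it has at least min_hits requests and the spread of
    the gaps between requests (std dev / mean) is at most max_jitter.
    """
    groups = defaultdict(list)
    for e in events:
        if e["host"] in WATCHED_HOSTS:
            groups[(e["src"], e["host"], e["ua"])].append(e["ts"])

    findings = []
    for (src, host, ua), stamps in groups.items():
        if len(stamps) < min_hits or BENIGN_UA.search(ua):
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((src, host, round(avg), ua))
    return findings


if __name__ == "__main__":
    for src, host, interval, ua in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {host} every ~{interval}s via {ua!r}")
```

In the constructed data only 10.0.0.12 is reported: it polls the Dropbox API every five minutes from a scripting user agent, which is the pattern a Dropbox-backed implant produces while waiting for tasking. Host 10.0.0.20 uses the same user agent but is skipped because its requests are bursty rather than periodic, and 10.0.0.7 is skipped because it presents as a browser. The jitter threshold and the user-agent allow-list are the two knobs an attacker will try to defeat (randomised sleep, spoofed browser headers), so in practice this heuristic is combined with process attribution on the endpoint rather than used on its own.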