According to a Google blog post, Chinese government-backed hackers pretended to be staff from cybersecurity provider McAfee and tricked users into installing malware on their devices.
Google said that these hackers would prompt users to install a legitimate version of the McAfee software from GitHub and on the side the malware was surreptitiously installed into the system.
Google’s Threat Analysis Group (TAG) that works on preventing cyber attacks identified the activity and instantly sent out a prominent warning. Google also said that the findings were shared with the Federal Bureau of Investigation (FBI).
This particular threat comes just ahead of the US elections and threats like these have gradually been increasing over the months. Google sent out 10,316 warnings about government-backed attacks over July to September, the blog stated.
In June this year, Google said that it had spotted phishing attacks targeted against personal email accounts of staffers on the Joe Biden and Donald Trump campaigns from Chinese and Iranian Advanced Persistent Threats (APT). These groups targeted campaign staffers’ personal emails with phishing emails and emails containing tracking links.
The blog mentions another Chinese malware campaign that was based on emailing links that would download malware hosted on GitHub. The malware that was downloaded was a Python-based implant using Dropbox, the file sharing service, for command and control. The malware would allow the hacker to upload and download files as well as execute arbitrary commands, Google said.
Google added that these malicious attacks were hosted on legitimate services thus making it harder for defenders to rely on network signals for detection.
In September, Microsoft also pointed out that the spike in cyberattacks targeting people and organisations involved in the US Presidential elections.
Microsoft stated that the Russsian cyber hacking group Strontium attacked more than 200 organisations including politcal campaigns, parties, political consultants and advocacy groups.
As per reports, other cyber spying groups like Zirconium and Phosphorus, operating from China and Iran, have attacked high-profile users associated with the ongoing elections.
