McAfee Labs

Ransomware Takes Open-Source Path, Encrypts With GNU Privacy Guard

McAfee Labs has recently observed a new variant of ransomware that relies on the open-source program GNU Privacy Guard (GnuPG) to encrypt data. GnuPG is a hybrid-encryption software program that uses a combination of conventional symmetric-key cryptography for speed and public-key cryptography to ease the secure key exchange. Although ransomware using GnuPG to encrypt files …

McAfee Labs

Password-Protected Attachment Serves Ransomware

Attacks by macro malware carrying ransomware are growing, as we have recently reported. Since early March we have seen macro malware using high-obfuscation algorithms to hide itself from static and traditional antimalware detection techniques. Macro malware continues to evolve and use new tricks to evade detection. In addition to these evasion techniques, McAfee Labs researchers have …

McAfee Labs

Japanese Banking Trojan Shifu Combines Malware Tools

In recent weeks, McAfee Labs has analyzed a recently discovered banking Trojan that combines elements from multiple malware tools. Shifu has circulated since April and primarily attacks Japanese banks. Installation: This malware arrives as a file dropped by other malware or as a file downloaded unknowingly by users when visiting compromised sites. Upon installation the malware …

McAfee Labs

‘Evoltin’ POS Malware Attacks via Macro

Over the past couple of months McAfee Labs has seen an increase in the use of macros to deliver malware. This kind of malware, as mentioned in previous posts (Dridex, Bartallex), usually arrives as an attached document within a phishing email. Recently McAfee Labs came across point-of-sale (POS) malware that spreads through malicious macros …

McAfee Labs

Malware Spreads Through Facebook Tag Scam

McAfee has recently observed malware spreading through Facebook. This type of malware is not new, but it keeps evolving, using new spreading mechanisms. A few days ago, we came across a Facebook post with this subject: "[Username] shared a link – with [Another username] and 19 others". The link was disguised as a pornographic …

McAfee Labs

Bartallex Renews Strain of Macro Malware

In recent weeks, McAfee Labs has seen a rise in the W97MDownloader malware, which comes with a macro downloader embedded in doc files. One of the malware families that serves these embedded macros is Bartallex, whose appearances have increased significantly during this period. The following chart shows the recent trend for the family: Background …