McAfee Labs

McAfee Labs, led by the Advanced Threat Research team, is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership.

McAfee Labs

MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play

The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader and Roaming Mantis) targeting Korean and Japanese users. A series of attack campaigns are still active, mainly targeting Japanese users. The new spyware has very different payloads from the existing ...

McAfee Labs

The Twin Journey, Part 2: Evil Twins in a Case In-sensitive Land

In the first of this 3-part blog series, we covered the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitiveness is enabled. In this 2nd post we try to abuse applications that do not work well ...

McAfee Labs

DHCP Client Remote Code Execution Vulnerability Demystified

CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for DHCP client services in a system, is vulnerable to malicious DHCP reply packets. This vulnerability allows remote code execution if the user tries to connect to a network with a ...

McAfee Labs

Clop Ransomware

This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware but in this report, we ...

McAfee Labs

The Twin Journey, Part 1

Summary and Introduction: The recent changes in Windows 10, aiming to add case sensitivity (CS) at directory level, have prompted our curiosity to investigate the potential to use CS as a mean of obfuscation or WYSINWYG (What You See is NOT What you Get). While CS was our entry point, ...

McAfee Labs

Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423

In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine. Microsoft released a patch in October 2018. We investigated this flaw at that time to protect our customers. We were able to find some issues with the patch and reported ...

McAfee Labs

What Is Mshta, How Can It Be Used and How to Protect Against It

The not-so Usual Suspects There is a growing trend for attackers to more heavily utilize tools that already exist on a system rather than relying totally on their own custom malware. Using .hta files or its partner in crime, mshta.exe, is an alternative to using macro enabled document for attacks ...

McAfee Labs

Examining the Link Between TLD Prices and Abuse

Briefing Over the years, McAfee researchers have observed that certain new top-level Domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee ...

McAfee Labs

No More Ransom Blows Out Three Birthday Candles Today

Collaborative Initiative Celebrates Helping More Than 200,000 Victims and Preventing More Than 100 million USD From Falling into Criminal Hands Three years ago, on this exact day, the public and private sectors drew a line in the sand against ransomware. At that time, ransomware was becoming one of the most ...

McAfee Labs

Demystifying Blockchain: Sifting Through Benefits, Examples and Choices

You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of blockchain.[i]  It appears nearly every industry is investing in, adopting, or implementing blockchain. Someone has probably told you ...

Subscribe to McAfee Securing Tomorrow Blogs