Hackers are using fake McAfee software to target presidential campaigns


With the 2020 presidential election on the horizon, cybersecurity is a major issue. Regardless of the hotly debated facts regarding the 2016 election, a compromised democratic process puts the entire nation at risk.

It shouldn’t come as a surprise that hackers from several countries have made attempts at sabotaging various U.S. political campaigns in recent weeks.

In a recent blog post, Google revealed that at least some of these hacks seem to be using the same strategy. They are reportedly impersonating McAfee antivirus software to infect devices with malware. So far, hackers have been traced back to both China and Iran, each with different targets.

Breaking Down a Threat

Big Tech companies, for better or worse, have an important part to play in helping to secure the nation’s election. Their resources and technical expertise far outweigh most things the government can come up with on its own. For that reason, the efforts of companies like Google and Microsoft have become crucial in the fight for a fair election.

Recent attacks have seen hackers targeting the campaigns of both major presidential candidates—Joe Biden and Donald Trump. The latter was reportedly targeted by a group of Iranian hackers while the former Vice President’s campaign was targeted by hackers linked to the Chinese government.

Google refers to each group as an Advanced Persistent Threat (APT). The Iranian group is known as APT-35 while the Chinese group is dubbed APT-31.

Hackers reportedly emailed users a prompt asking them to download a legitimate copy of McAfee from GitHub. While that product was being downloaded, a malware program was also installed on the victim’s device. From there, the hackers could upload and download files as well as execute commands.

By utilizing services like Dropbox and GitHub throughout the attacks, the hackers made themselves difficult to track.

Shane Huntley, head of Google’s Threat Analysis Group, says, “Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection.”
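To make Huntley's point concrete, here is an added example (not from Google's post or the original article) that runs a destination blocklist and a process-aware check over the same telemetry. The event fields, the allowlist of expected client programs, and every name in the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

# Services the article names as hosting every stage of the attack.
CLOUD_SUFFIXES = ("github.com", "githubusercontent.com", "dropbox.com", "dropboxapi.com")
# Assumption: programs this hypothetical organisation expects to reach those services.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "git.exe", "dropbox.exe"}

class Event(NamedTuple):
    host: str       # endpoint that produced the event
    process: str    # image name of the connecting process
    signed: bool    # image has a valid code signature
    dest: str       # destination hostname
    bytes_out: int  # bytes sent

# Constructed sample telemetry; every name and number here is made up.
SAMPLE = [
    Event("ws-014", "chrome.exe", True, "github.com", 2_100),
    Event("ws-014", "dropbox.exe", True, "api.dropboxapi.com", 48_000),
    Event("ws-022", "av_setup.exe", False, "objects.githubusercontent.com", 900),
    Event("ws-022", "av_setup.exe", False, "content.dropboxapi.com", 5_300_000),
    Event("ws-022", "chrome.exe", True, "news.example", 1_200),
]

def is_cloud(dest: str) -> bool:
    d = dest.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in CLOUD_SUFFIXES)

def blocklist_hits(events, bad_domains):
    """Network-only view: match destinations against known-bad domains."""
    return [e for e in events if e.dest.lower() in bad_domains]

def flag_cloud_clients(events):
    """Host-context view: who is talking to the cloud service, not just where."""
    flagged = defaultdict(lambda: {"dests": set(), "bytes_out": 0, "reasons": set()})
    for e in events:
        if not is_cloud(e.dest):
            continue
        reasons = set()
        if e.process.lower() not in EXPECTED_CLIENTS:
            reasons.add("unexpected client")
        if not e.signed:
            reasons.add("unsigned image")
        if reasons:
            entry = flagged[(e.host, e.process)]
            entry["dests"].add(e.dest)
            entry["bytes_out"] += e.bytes_out
            entry["reasons"] |= reasons
    return dict(flagged)
```

On the sample data the blocklist returns nothing, because every destination belongs to a legitimate service, while the process-aware check isolates the one unsigned, unexpected program on ws-022 that contacts both GitHub and Dropbox.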

As of now, Google hasn’t mentioned who the APT-31 attacks have affected. It did say that there is “increased attention on the threats posed by APTs in the context of the U.S. election.”

Google has shared its findings with the FBI. The company also alerts users who may have been victims of a government-backed hacking attack.

Current Issues

At the same time, Google has also been taking steps to protect users from other kinds of misinformation and fear-based attacks. In the blog post, it notes that it has observed threats from China, Russia, and Iran, each focusing on pharmaceutical companies currently working on a COVID-19 vaccine.

With a vaccine potentially just a few months away, it will be important to continue to limit the flow of misinformation on digital platforms. So long as the vaccine is deemed safe and effective, it is the world’s best option for getting out of the pandemic. Ensuring that false information online doesn’t stop people from getting it will be extremely important.

