Google said in a new blog post that hackers associated with the Chinese government are posing as McAfee antivirus software in an attempt to infect victims' computers with malware. And according to Google, the hackers appear to be the same group that unsuccessfully attacked former Vice President Joe Biden's presidential campaign earlier this year with a phishing attack. A similar group of hackers from Iran tried to target President Trump's campaign but was unsuccessful.
The group, which Google calls APT 31 (APT is short for Advanced Persistent Threat), would email users links that downloaded malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. Because the group used services like GitHub and Dropbox to carry out the attacks, it became more difficult to track.
"Every malicious part of this attack was hosted on legitimate services, making it more difficult for defenders to rely on network signals to detect," Google Threat Analysis Group leader Shane Huntley wrote in the blog post.
The McAfee impersonation scheme asks the recipient of the email to install a legitimate version of McAfee software from GitHub, while malware is installed at the same time without the user being aware of it. Huntley said that whenever Google detects that a user has been the victim of a government-sponsored attack, it sends an alert.
The blog post does not mention who was affected by the recent APT 31 attacks, but it does note that "increased attention has been paid to the threats posed by APTs in connection with the US elections". Google reported its findings to the FBI.