McAfee Exposed New Malware in 2018 Winter Olympics Hacking Campaign – McAfee is well known to many of us for developing high-end security tools that keep our systems safe. McAfee recently found new malware aimed at organizations associated with the 2018 Winter Olympics in Pyeongchang, South Korea. The malware exposed by McAfee belongs to a hacking campaign whose aim was to hack data from reputed organizations associated with the 2018 Winter Olympics.
McAfee noticed that organizations were receiving attacks via phishing emails. These emails were camouflaged as safety alerts from South Korea's NCTC (National Counter Terrorism Center) and included a Word document. When the receiver opened that Word document, it automatically installed a PowerShell backdoor. This phishing campaign looks the same as others, but it is very dangerous and different from other hacking campaigns.
According to Sherstobitoff, this phishing or hacking campaign might be run by an organization and not by a single person, but the name of that organization has not been confirmed so far. He also said that it is not possible to tell who or what group is behind an attack, as attribution is cumbersome and technical research has failed to provide enough data.
According to the discovery and analysis by the McAfee Advanced Threat Research Team, the embedded macro that installed the PowerShell backdoor on the targets' systems is an updated version of the one used in the previous phishing campaign. In the previous hacking campaign, the backdoor was established on the target's system when the target opened the Word document. But the installation of the PowerShell backdoor gives the hackers the freedom to access “any information they desire”.
Why this Hacking Campaign is dangerous – McAfee Exposed New Malware in 2018 Winter Olympics:
- This campaign includes embedded macro scripts which install a PowerShell backdoor.
- It includes an image file which contains the script in its pixels.
- The image need not be installed on the system; it works once it is merely downloaded to the system.
- This campaign uses a fileless technique, which is not easily detectable by antivirus.
Previously we have seen many phishing attacks that include scripts in a Word document. The Word document is sent to the target's system via email. When the target opens the Word document to read it, an embedded script launches automatically and establishes a PowerShell backdoor. In this type of hacking attack, we had the chance to detect and block the attack, but not before the second stage of the payload.
But in the 2018 Winter Olympics hacking campaign, when the target opens the Word document, the embedded macro launches PowerShell. PowerShell then extracts the second PowerShell script from the image and executes it from memory. This gives the attackers the freedom to access and control the system remotely.
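A defender-side sketch of how the chain described above can be triaged from endpoint telemetry (an added example, not code from McAfee or from the original article): it flags PowerShell started by an Office application and logged script text that touches image pixels and then evaluates a string in memory. The event schema, field names, and sample events are constructed for illustration, and the two regex heuristics are assumptions about how such a script appears in script block logs.

```python
import re
from collections import defaultdict

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumed heuristics: pixel access through .NET bitmap APIs, then dynamic evaluation.
PIXEL_READ = re.compile(r"System\.Drawing\.Bitmap|\.GetPixel\(", re.I)
DYNAMIC_EVAL = re.compile(r"\bIEX\b|Invoke-Expression", re.I)

def exe_name(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Map PowerShell pid -> findings and severity for one host's events."""
    office_children, script_text = set(), defaultdict(str)
    for ev in events:
        if ev["type"] == "process_create":
            if exe_name(ev["image"]) in POWERSHELL and exe_name(ev["parent_image"]) in OFFICE_PARENTS:
                office_children.add(ev["pid"])
        elif ev["type"] == "script_block":
            # Logged script text can arrive in fragments; join them per process.
            script_text[ev["pid"]] += "\n" + ev["text"]
    report = {}
    for pid in sorted(office_children | set(script_text)):
        findings = []
        if pid in office_children:
            findings.append("office_spawned_powershell")
        text = script_text.get(pid, "")
        if PIXEL_READ.search(text) and DYNAMIC_EVAL.search(text):
            findings.append("image_pixels_then_eval")
        if findings:
            severity = "high" if len(findings) == 2 else "medium"
            report[pid] = {"findings": findings, "severity": severity}
    return report

def proc(pid, parent, image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"):
    return {"type": "process_create", "pid": pid, "parent_image": parent, "image": image}
def script(pid, text):
    return {"type": "script_block", "pid": pid, "text": text}

# Constructed sample events (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    proc(4100, "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"),
    script(4100, "$bmp = New-Object System.Drawing.Bitmap($path)"),
    script(4100, "IEX $decoded"),
    proc(6300, "C:\\Windows\\explorer.exe"),
    script(6300, "$bmp = New-Object System.Drawing.Bitmap($path); $bmp.Save($out)"),
    proc(7400, "C:\\Program Files\\Microsoft Office\\EXCEL.EXE"),
]
```

On the sample data, `triage(SAMPLE_EVENTS)` rates pid 4100 high (both signals), pid 7400 medium (Office parent only), and leaves the benign image-handling script in pid 6300 unflagged.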
Effects of the Installation of the PowerShell – McAfee Exposed New Malware in 2018 Winter Olympics:
Brave Prince and Ghost419 – Hacking Campaign:
- This campaign reads and collects the content and other information about the computer from the hard drive of the targeted system.
Running Rat – Hacking Campaign:
- This is a Remote Access Trojan which collects keystrokes and clipboard information. The Trojan detects and compresses files, turns off the system, cleans the event history, and more.
Gold Dragon – Hacking Campaign:
- Gold Dragon initiates the download of successive malware payloads.