Cybercriminals never run out of ploys to dupe you into clicking links and attachments that you shouldn't.
They massively send out phishing emails pretending to be someone you know and trust. Most of the time, they also forge web addresses and domains to conceal suspicious links to try and fool you into clicking. With their ever-growing bag of tricks, it's impossible to keep up!
That's why we often rely on our security software to do the heavy lifting and automatically protect us from such threats. But what if hackers manage to find their way around our trusted protection systems too? Now, that's a really scary thought.
You won't believe how hackers managed to sneak a malicious link through an email protection service that was supposed to detect it!
Malware spread by McAfee
Software security company McAfee's email hacking protection network was reportedly used to spread banking malware via a malicious link.
Ironically, the service, McAfee ClickProtect, is designed to protect you from phishing attacks and malicious links by scanning your emails for suspicious web addresses.
The malicious link was spotted by a Paris-based security researcher who goes by the Twitter name Benkow after he ran a malware analysis report of suspicious web addresses. He discovered a link in the list pointing to the cp.mcafee.com domain.
— Benkøw moʞuƎq (@benkow_) November 13, 2017
When clicked, the link appeared to redirect you through the McAfee domain and resolved to a third-party website that hosted a Word document booby-trapped with the Emotet banking malware.
Upon opening the poisoned Word document and permitting its macros, it downloads and installs the Emotet malware on your computer and proceeds to steal your browser and mail passwords. These stolen credentials can then be used to hack into your banking accounts.
Emotet is actually one of the two banking trojans that Microsoft warned us to be on the rise. Thankfully, the malicious link is now being actively blocked by McAfee.
— Zack Whittaker (@zackwhittaker) November 15, 2017
How did it happen?
McAfee's spokesperson told ZDNet that its ClickProtect "performed as designed" and they are investigating the incident.
The company said that in the early hours of November 13, the link was not yet flagged as malicious by its system. However, later that day, it was properly identified as a "high-risk" threat and was subsequently blocked.
At this point, it is still unclear how the link was created in the first place. Was it a deliberate attempt by hackers to fool McAfee customers? As Microsoft recently warned, Emotet malware activity has been rising in the past few months and cybercriminals are getting craftier with their phishing attacks.
Perhaps our main takeaway from this McAfee incident is this - in our current cybersecurity climate, we shouldn't readily assume that a link is safe even though it is flagged as such by your software security system.
Shortened and converted links, in particular, are dangerous since hackers can forge web addresses and conceal their destinations.
An email may be stamped with a "guaranteed virus-free" seal of approval and an attached link may even be preceded with what looks like a trusted domain but be extremely cautious - these may just be smokescreens to lull you into a false sense of security.
New fast-spreading malware could empty your bank account
Aside from Emotet, there's another fast-spreading banking malware that you need to worry about right now. Click here and learn more about it!