McAfee’s own email hacking protection, ClickProtect was used to propagate a banking malware.
McAfee ClickProtect is reported to have shared the Emotet banking malware, which was hosted on a third-party website.
Emotet is said to be a data-stealing Trojan that has recently made a reappearance, this time with a vengeance.
It seems that the malware has been upgraded several times in recent years and this means that it can avoid detection. The malware has been used by hackers as a ‘malware dropper’ to spread a newly discovered sophisticated banking malware called IcedID.
ZDNet reported that a security researcher known as ‘Benkow’ was the first to tweet about the malware which included a malicious link to “cp.mcafee.com” and a malware-laced document.
“Upon opening it and allowing macros, the user unknowingly triggers the download of the Emotet malware binary, also retrieved from a compromised site,” Malwarebytes’ lead malware intelligence analyst Jerome Segura told ZDNet.
After that malware has been installed, it will contact the control and command server and start stealing the user’s personal details. Emotet has been blocked by McAfee but as yet it is unknown if this was the work of hackers.
“In the early hours of Nov. 13, the web destination in question had not yet been identified as a source of malware propagation,” said a McAfee spokesperson, ZDNet reported.
“Later that day, however, McAfee’s Global Threat Intelligence service had indeed identified the web property as a threat, changed the site’s reputation ranking from ‘low risk’ to ‘high risk,’ and thereafter blocked McAfee customers from being able to reach the site.
“Users should beware of shortened or converted links and perhaps even more so when there might be assumptions that they are safe,” Segura warned.
“The same goes for signatures appended at the bottom of an email, saying ‘this email is guaranteed virus-free’ or similar. Not only does it give users a false sense of security, but criminals often also add such messages for social engineering purposes.”