McAfee mistakenly sent a Word file loaded with the Emotet banking malware to users of ClickProtect, its anti-hacking email protection service.
McAfee shared the malware, which was hosted on a third-party website, via a domain associated with the project. Ironically, the service is meant to protect users from harmful sites, malware links, and phishing attacks.
The link redirects the user through the ‘cp.mcafee.com’ domain, and a user who downloads the Word file is exposed to the Emotet malware. This banking malware obtains the user’s financial information by injecting malicious code into the computer’s network stack. It also uses a PowerShell script to download additional information.
After installation, it gathers essential information such as card numbers and passwords. This information is later used to break into the users’ accounts and transfer their funds electronically. In addition, it takes over the command and control center of the infected system, using hard-coded IP addresses to avoid detection and create proxies.
Benkow, a French researcher, discovered this link and mentioned it in a malware analysis report.
Despite this threat, McAfee maintains that its service is working properly. According to the company, it has blocked the infected document.
However, according to the ZDNet report, the link was working until last Thursday. And although the service marked the infected file as high-risk, it still had not been blocked.