They say that defence is the best form of attack. There certainly seems to be a growing trend in turning security tools into hacking weapons. The latest example is the subversion of McAfee’s ClickProtect email protection service as a means of implanting the Emotet data-stealing Trojan – which a vehicle for the spread of IcedID banking malware.
Anyone clicking on the malicious link and enabling macros unleashes the malware from the compromised Word document. This malware gathered victims personal data such as email and browser passwords. McAfee has now cut off access to the infected site.
Advice from researchers at Malwarebytes is for users to be extra wary of any shortened or converted links and emails claiming to be guaranteed virus-free. This follows more general advice to scrutinise URL links more closely as a small change in official-looking addresses can direct users to malicious sites, while shortened URL links of course completely obscure the destination site.