www.mcafee.com
Open in
urlscan Pro
104.102.55.193
Public Scan
Submitted URL: http://mcafee.com/blogs/other-blogs/mcafee-labs/behind-the-captcha-a-clever-gateway-of-malware/
Effective URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/behind-the-captcha-a-clever-gateway-of-malware/
Submission: On September 23 via api from DE — Scanned from DE
Effective URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/behind-the-captcha-a-clever-gateway-of-malware/
Submission: On September 23 via api from DE — Scanned from DE
Form analysis
4 forms found in the DOMhttps://www.mcafee.com/blogs
<form class="desktop-search-form-v2" action="https://www.mcafee.com/blogs">
<div><span class="search_icon_desktop"> <img src="/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/search_icon_black.svg" alt="search grey icon"> </span></div>
<div class="desktop-search-div"><input class="dsk-search" autocomplete="off" name="s" type="text" placeholder="Search"></div>
</form>
https://www.mcafee.com/blogs
<form class="desktop-search-form" style="display: none;" action="https://www.mcafee.com/blogs">
<div class="desktop-search-div"><input class="dsk-search" autocomplete="off" name="s" type="text" placeholder="Type and hit enter..."></div>
<div><span class="close_icon_desktop"> <img src="https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/cross-grey-icon.svg" alt="close grey icon"> </span></div>
</form>
https://www.mcafee.com/blogs
<form class="form-inline my-2 my-lg-0" action="https://www.mcafee.com/blogs">
<div class="input-group mb-3 search-div">
<div class="input-group-append"><button class="sarch-btn" type="button"><span class="fa fa-search" title="Type and hit enter..."><span style="display: none;">.</span></span> </button>
</div>
</div>
</form>
https://www.mcafee.com/blogs
<form action="https://www.mcafee.com/blogs" class="desktop-search-form" style="display: none;">
<div class="desktop-search-div">
<input class="dsk-search" name="s" type="text" placeholder="Type and hit enter..." autocomplete="off">
</div>
<div><span class="close_icon_desktop">
<img src="https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/cross-grey-icon.svg" alt="close grey icon">
</span>
</div>
</form>
Text Content
* Products * All-In-One Protection * NEW McAfee+ Individual Plans Complete privacy, identity and device protection for individuals. * NEW McAfee+ Family Plans Complete privacy, identity and device protection for up to 6 family members. * Other Products & Services * Antivirus * Scam Protection * Virtual Private Network (VPN) * Mobile Security * PC Optimizer * TechMaster Concierge * McAfee Assist * Free Tools & Downloads * Web Protection * Free Antivirus Trial * Device Security Scan * Password Generator * Features * Keep Me Private Online * Personal Data Cleanup * Online Account Cleanup * VPN (Virtual Private Network) * Social Privacy Manager * Safeguard My Identity * Identity Monitoring * Credit Monitoring * Security Freeze * Identity Theft Coverage & Restoration * Password Manager * Protect My Devices * Antivirus * Scam Protection * Web Protection * Protect My Family * Protection Score * Parental Controls * Family Plans * Resources * Stay Updated * McAfee Blog * Reports and Guides * McAfee on YouTube * Prevent Spam and Phishing * Learn More * Learn at McAfee * What is Antivirus? * What is a VPN? * What is Identity Theft? * Press & News * McAfee Newsroom * AI News & Scams * About Us * Our Company * Company Overview * Awards & Reviews * Investors * Our Efforts * Inclusion & Diversity * Integrity & Ethics * Public Policy * Join Us * Careers * Life at McAfee * Our Teams * Our Locations * Why McAfee Products All-In-One Protection NEW McAfee+ Individual Plans Complete privacy, identity and device protection for individuals. NEW McAfee+ Family Plans Complete privacy, identity and device protection for up to 6 family members. Other Products & Services Antivirus Scam Protection Virtual Private Network (VPN) Mobile Security PC Optimizer TechMaster Concierge McAfee Assist Free Tools & Downloads Web Protection Free Antivirus Trial Device Security Scan Password Generator Features Keep Me Private Online Personal Data Cleanup Online Account Cleanup VPN (Virtual Private Network) Social Privacy Manager Safeguard My Identity Identity Monitoring Credit Monitoring Security Freeze Identity Theft Coverage & Restoration Password Manager Protect My Devices Antivirus Scam Protection Web Protection Protect My Family Protection Score Parental Controls Family Plans Resources Stay Updated McAfee Blog Reports and Guides McAfee on YouTube Prevent Spam and Phishing Learn More Learn at McAfee What is Antivirus? What is a VPN? What is Identity Theft? Press & News McAfee Newsroom AI News & Scams About Us Our Company Company Overview Awards & Reviews Investors Our Efforts Inclusion & Diversity Integrity & Ethics Public Policy Join Us Careers Life at McAfee Our Teams Our Locations Why McAfee Support Help Customer Support Support Community FAQs Contact Us Activation Activate Retail Card Region Asia Pacific Australia - English New Zealand - English Singapore - English Malaysia - English Philippines - English India - English 대한민국 - 한국어 日本 - 日本語 中国 - 简体中文 香港特別行政區 - 繁體中文 台灣 - 繁體中文 Europe Česká Republika - Čeština Danmark - Dansk Suomi - Suomi France - Français Deutschland - Deutsch Ελλάδα - Ελληνικά Ireland - English Magyarország - Magyar ישראל - עברית Italia - Italiano Nederland - Nederlands Norge - Bokmål Polska - Polski Portugal - Português Россия - Русский España - Español Sverige - Svenska Suisse - Français Schweiz - Deutsch Türkiye - Türkçe العربية - العربية United Kingdom - English North America United States - English Canada - English Canada - Français South America Argentina - Español Brasil - Português Chile - Español Colombia - Español México - Español Perú - Español Sign in * Support * Help * Customer Support * Support Community * FAQs * Contact Us * Activation * Activate Retail Card * * Asia Pacific * Australia-English * New Zealand-English * Singapore-English * Malaysia-English * Philippines-English * India-English * 대한민국-한국어 * 日本-日本語 * 中国-简体中文 * 香港特別行政區-繁體中文 * 台灣-繁體中文 * Europe * Česká Republika-Čeština * Danmark-Dansk * Suomi-Suomi * France-Français * Deutschland-Deutsch * Ελλάδα-Ελληνικά * Ireland-English * Magyarország-Magyar * ישראל-עברית * Italia-Italiano * Nederland-Nederlands * * Norge-Bokmål * Polska-Polski * Portugal-Português * Россия-Русский * España-Español * Sverige-Svenska * Suisse-Français * Schweiz-Deutsch * Türkiye-Türkçe * العربية-العربية * United Kingdom-English * North America * United States-English * Canada-English * Canada-Français * South America * Argentina-Español * Brasil-Português * Chile-Español * Colombia-Español * México-Español * Perú-Español * Sign in * * Blog * Topics How To Guides and Tutorials Internet Security Mobile Security Family Safety Privacy & Identity Protection Security News * At McAfee McAfee News Executive Perspectives McAfee Labs Life at McAfee Hackable? Podcast * English * Portuguese (BR) * Spanish * French(FR) * German * Italian * Japanese * French(CA) * Portuguese (PT) * Spanish (MX) * Dutch * * Blog * Topics How To Guides and Tutorials Internet Security Mobile Security Family Safety Privacy & Identity Protection Security News * At McAfee McAfee News Executive Perspectives McAfee Labs Life at McAfee Hackable? Podcast * . * Portuguese (BR) Spanish French(FR) German Italian Japanese French(CA) Portuguese (PT) Spanish (MX) Dutch Blog Other Blogs McAfee Labs Behind the CAPTCHA: A Clever Gateway of Malware BEHIND THE CAPTCHA: A CLEVER GATEWAY OF MALWARE McAfee Labs Sep 20, 2024 8 MIN READ Authored by Yashvi Shah and Aayush Tyagi EXECUTIVE SUMMARY McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack. Figure 1: Prevalence on the field We identified two infection vectors leading users to these fake CAPTCHA pages: one via cracked game download URLs, and the other through phishing emails. GitHub users have been targeted by phishing emails prompting them to address a fictitious “security vulnerability” in a project repository to which they have contributed or subscribed. These emails direct users to visit “github-scanner[.]com” for further information about the alleged security issue. The ClickFix infection chain operates by deceiving users into clicking on buttons like “Verify you are a human” or “I am not a robot.” Once clicked, a malicious script is copied to the user’s clipboard. Users are then misled into pasting the script after pressing the Windows key + R, unknowingly executing the malware. This method of trickery facilitates the infection process, making it easy for attackers to deploy malware. Figure 2: Infection chain ATTACK VECTORS AND TECHNICAL ANALYSIS As illustrated in the diagram, users are redirected to fake CAPTCHA pages through two main attack vectors: 1. CRACKED GAMING SOFTWARE DOWNLOAD URLS: Users attempting to download pirated or cracked versions of gaming software are redirected to malicious CAPTCHA pages. Figure 3: Search to download the cracked version of the game When users search the Internet for free or cracked versions of popular video games, they may encounter online forums, community posts, or public repositories that redirect them to malicious links. Figure 4: Runkit directing the user to download the game In this instance, a public Runkit notebook hosts the malicious link (highlighted in blue). When the user accesses the URL (highlighted in red), they are redirected to fake CAPTCHA websites. Figure 5: Redirection happening while accessing the link On this page, after the user clicks the “I’m not a robot” button, a malicious PowerShell script is copied to their clipboard, and they are prompted to execute it. Figure 6: Backend script on the click button The website includes JavaScript functionality that copies the script to the clipboard. Figure 7: Decoded script The script is Base64-encoded (highlighted in blue), to reduce the readability to the user. Upon decoding it (highlighted in red), mshta was found to be leveraged. The file hosted at https://verif.dlvideosfre[.]click/2ndhsoru contains a Windows binary, having scripts appended as the overlay. Without the overlay appended, the file is a clean Windows binary. Figure 8: Windows binary with appended script The mshta utility searches for the <script> tag within a file and executes the script embedded in it, completely ignoring the binary portion of the file. This allows attackers to embed malicious scripts alongside non-executable content, making it easier for the malware to go undetected while still being executed through mshta. Figure 9: Obfuscated script appended in the downloaded file Upon analysis, the script was found to be an encrypted JavaScript file, utilizing two layers of encryption. This multi-level encryption obscures the script’s true functionality, making detection and analysis more challenging for security tools. Further analysis revealed that the decrypted JavaScript was designed to download Lumma Stealer using AES-encrypted PowerShell command and drop it in the Temp folder. This technique helps the malware avoid detection by placing the payload in a commonly used, less scrutinized directory, facilitating the next stage of the infection. Figure 10: Process tree 2. PHISHING EMAILS IMPERSONATING THE GITHUB TEAM In the second vector, users receive phishing emails, often targeting GitHub contributors, urging them to address a fake “security vulnerability.” These emails contain links leading to the same fake CAPTCHA pages. Figure 11: Phishing email impersonating GitHub Once the user clicks on the link, they’re redirected to the fake captcha pages. Figure 12: Fake CAPTCHA page These pages use the same technique: the malicious script is copied to the clipboard when the user clicks the button, and they are then prompted to execute it. Figure 13: Script copied onto clipboard This script retrieves and executes the contents of a text file hosted on an online server. Figure 14: Invoking the remote script The content of the text file contains PowerShell commands that download an executable file or a zip file. These files are saved into the temp folder and then executed. The downloaded files, in these cases, are Lumma Stealer samples. DETECTION AND MITIGATION STRATEGIES McAfee blocks this infection chain at multiple stages: 1. URL blocking of the fake CAPTCHA pages. Figure 15: McAfee blocking URLs 2. Heuristic blocking of malicious use of mshta. Figure 16: McAfee blocking the malicious behavior CONCLUSION AND RECOMMENDATIONS In conclusion, the ClickFix infection chain demonstrates how cybercriminals exploit common user behaviors—such as downloading cracked software and responding to phishing emails—to distribute malware like Lumma Stealer. By leveraging fake CAPTCHA pages, attackers deceive users into executing malicious scripts that bypass detection, ultimately leading to malware installation. The infection chain operates through two main vectors: cracked gaming software download URLs and phishing emails impersonating GitHub. In both cases, users are redirected to malicious CAPTCHA pages where scripts are executed to download and install malware. The use of multi-layered encryption further complicates detection and analysis, making these attacks more sophisticated and harder to prevent. At McAfee Labs, we are committed to helping organizations protect themselves against sophisticated cyber threats, such as the Clickfix social engineering technique. Here are our recommended mitigations and remediations: 1. Conduct regular training sessions to educate users about social engineering tactics and phishing schemes. 2. Install and maintain updated antivirus and anti-malware software on all endpoints. 3. Implement robust email filtering to block phishing emails and malicious attachments. 4. Use network segmentation to limit the spread of malware within the organization. 5. Ensure all operating systems, software, and applications are kept up to date with the latest security patches. 6. Avoid downloading cracked software or visiting suspicious websites. 7. Verify URLs in emails, especially from unknown or unexpected sources. 8. Restrict clipboard-based scripts and disable automatic script execution. 9. Keep antivirus solutions updated and actively scan. 10. Educate users to avoid suspicious CAPTCHA prompts on untrusted sites. 11. Regularly patch browsers, operating systems, and applications. 12. Monitor the Temp folder for unusual or suspicious files. INDICATORS OF COMPROMISE (IOCS) File Type SHA256/URLs Fake Captcha Websites URL Ofsetvideofre[.]click/ URL Newvideozones[.]click/veri[.]html URL Clickthistogo[.]com/go/67fe87ca-a2d4-48ae-9352-c5453156df67?var_3=F60A0050-6F56-11EF-AA98-FFC33B7D3D59 URL Downloadstep[.]com/go/08a742f2-0a36-4a00-a979-885700e3028c URL Betterdirectit[.]com/ URL URL Betterdirectit[.]com/go/67fe87ca-a2d4-48ae-9352-c5453156df67 heroic-genie-2b372e[.]netlify[.]app/please-verify-z[.]html URL Downloadstep[.]com/go/79553157-f8b8-440b-ae81-0d81d8fa17c4 URL Downloadsbeta[.]com/go/08a742f2-0a36-4a00-a979-885700e3028c URL Streamingsplays[.]com/go/6754805d-41c5-46b7-929f-6655b02fce2c URL Streamingsplays[.]com/go/b11f973d-01d4-4a5b-8af3-139daaa5443f URL Streamingszone[.]com/go/b3ddd860-89c0-448c-937d-acf02f7a766f?c=AOsl62afSQUAEX4CAEJPFwASAAAAAABQ URL Streamingsplays[.]com/go/1c406539-b787-4493-a61b-f4ea31ffbd56 URL github-scanner[.]shop/ URL github-scanner[.]com/ URL botcheck.b-cdn[.]net/captcha-verify-v7.html Redirecting Websites URL Rungamepc[.]ru/?load=Black-Myth-Wukong-crack URL game02-com[.]ru/?load=Cities-Skylines-2-Crack-Setup URL Rungamepc[.]ru/?load=Dragons-Dogma-2-Crack URL Rungamepc[.]ru/?load=Dying-Light-2-Crack URL Rungamepc[.]ru/?load=Monster-Hunter-Rise-Crack Websites Containing Malicious URLs URL Runkit[.]com/wukong/black-myth-wukong-crack-pc URL Runkit[.]com/skylinespc/cities-skylines-ii-crack-pc-full-setup URL Runkit[.]com/masterposte/dying-light-2-crack-on-pc-denuvo-fix URL Runkit[.]com/dz4583276/monster-hunter-rise-crack-codex-pc/1.0.0/clone URL Groups[.]google[.]com/g/hogwarts-legacy-crack-empress URL By[.]tribuna[.]com/extreme/blogs/3143511-black-myth-wukong-full-unlock/ Malware Samples PS b6a016ef240d94f86e20339c0093a8fa377767094276730acd96d878e0e1d624 PS cc29f33c1450e19b9632ec768ad4c8c6adbf35adaa3e1de5e19b2213d5cc9a54 ZIP 632816db4e3642c8f0950250180dfffe3d37dca7219492f9557faf0ed78ced7c ZIP 19d04a09e2b691f4fb3c2111d308dcfa2651328dfddef701d86c726dce4a334a EXE d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207 EXE bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55 HTA fa58022d69ca123cbc1bef13467d6853b2d55b12563afdbb81fc64b0d8a1d511 INTRODUCING MCAFEE+ Keep personal info private, avoid scams, and protect yourself with AI-powered technology. Download McAfee+ Now Stay Updated Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats. McAfee Labs Threat Research Team McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information. MORE FROM MCAFEE LABS Previous FROM SPAM TO ASYNCRAT: TRACKING THE SURGE IN NON-PE CYBER THREATS Authored by Yashvi Shah and Preksha Saxena AsyncRAT, also known as “Asynchronous Remote Access Trojan,” represents a... May 08, 2024 | 10 MIN READ THE DARKGATE MENACE: LEVERAGING AUTOHOTKEY & ATTEMPT TO EVADE SMARTSCREEN Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena McAfee Labs has recently uncovered a novel infection... Apr 29, 2024 | 13 MIN READ REDLINE STEALER: A NOVEL APPROACH Authored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was... Apr 17, 2024 | 10 MIN READ DISTINCTIVE CAMPAIGN EVOLUTION OF PIKABOT MALWARE Authored by Anuradha and Preksha Introduction PikaBot is a malicious backdoor that has been active since early... Apr 02, 2024 | 10 MIN READ CRACKED SOFTWARE OR CYBER TRAP? THE RISING DANGER OF ASYNCRAT MALWARE Authored by Neil Tyagi In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are... Sep 19, 2024 | 14 MIN READ NEW ANDROID SPYAGENT CAMPAIGN STEALS CRYPTO CREDENTIALS VIA IMAGE RECOGNITION Authored by SangRyol Ryu Recently, McAfee’s Mobile Research Team uncovered a new type of mobile malware that... Sep 05, 2024 | 10 MIN READ THE SCAM STRIKES BACK: EXPLOITING THE CROWDSTRIKE OUTAGE Authored by Lakshya Mathur, Vallabh Chole & Abhishek Karnik Recently we witnessed one of the most significant... Jul 30, 2024 | 5 MIN READ OLYMPICS HAS FALLEN – A MISINFORMATION CAMPAIGN FEATURING A VOICE CLONED ELON MUSK Authored by Lakshya Mathur and Abhishek Karnik As the world gears up for the 2024 Paris Olympics,... Jul 26, 2024 | 6 MIN READ CLICKFIX DECEPTION: A SOCIAL ENGINEERING TACTIC TO DEPLOY MALWARE Authored by Yashvi Shah and Vignesh Dhatchanamoorthy McAfee Labs has discovered a highly unusual method of malware... Jul 11, 2024 | 9 MIN READ QUALITY OVER QUANTITY: THE COUNTER-INTUITIVE GENAI KEY It’s been almost two years since OpenAI launched ChatGPT, driving increased mainstream awareness of and access to... Jun 28, 2024 | 3 MIN READ FAKE BAHRAIN GOVERNMENT ANDROID APP STEALS PERSONAL DATA USED FOR FINANCIAL FRAUD Authored by Dexter Shin Many government agencies provide their services online for the convenience of their citizens.... May 31, 2024 | 7 MIN READ HOW SCAMMERS HIJACK YOUR INSTAGRAM Authored by Vignesh Dhatchanamoorthy, Rachana S Instagram, with its vast user base and dynamic platform, has become... May 14, 2024 | 6 MIN READ FROM SPAM TO ASYNCRAT: TRACKING THE SURGE IN NON-PE CYBER THREATS Authored by Yashvi Shah and Preksha Saxena AsyncRAT, also known as “Asynchronous Remote Access Trojan,” represents a... May 08, 2024 | 10 MIN READ THE DARKGATE MENACE: LEVERAGING AUTOHOTKEY & ATTEMPT TO EVADE SMARTSCREEN Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena McAfee Labs has recently uncovered a novel infection... Apr 29, 2024 | 13 MIN READ REDLINE STEALER: A NOVEL APPROACH Authored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was... Apr 17, 2024 | 10 MIN READ DISTINCTIVE CAMPAIGN EVOLUTION OF PIKABOT MALWARE Authored by Anuradha and Preksha Introduction PikaBot is a malicious backdoor that has been active since early... Apr 02, 2024 | 10 MIN READ CRACKED SOFTWARE OR CYBER TRAP? THE RISING DANGER OF ASYNCRAT MALWARE Authored by Neil Tyagi In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are... Sep 19, 2024 | 14 MIN READ NEW ANDROID SPYAGENT CAMPAIGN STEALS CRYPTO CREDENTIALS VIA IMAGE RECOGNITION Authored by SangRyol Ryu Recently, McAfee’s Mobile Research Team uncovered a new type of mobile malware that... Sep 05, 2024 | 10 MIN READ THE SCAM STRIKES BACK: EXPLOITING THE CROWDSTRIKE OUTAGE Authored by Lakshya Mathur, Vallabh Chole & Abhishek Karnik Recently we witnessed one of the most significant... Jul 30, 2024 | 5 MIN READ OLYMPICS HAS FALLEN – A MISINFORMATION CAMPAIGN FEATURING A VOICE CLONED ELON MUSK Authored by Lakshya Mathur and Abhishek Karnik As the world gears up for the 2024 Paris Olympics,... Jul 26, 2024 | 6 MIN READ CLICKFIX DECEPTION: A SOCIAL ENGINEERING TACTIC TO DEPLOY MALWARE Authored by Yashvi Shah and Vignesh Dhatchanamoorthy McAfee Labs has discovered a highly unusual method of malware... Jul 11, 2024 | 9 MIN READ QUALITY OVER QUANTITY: THE COUNTER-INTUITIVE GENAI KEY It’s been almost two years since OpenAI launched ChatGPT, driving increased mainstream awareness of and access to... Jun 28, 2024 | 3 MIN READ FAKE BAHRAIN GOVERNMENT ANDROID APP STEALS PERSONAL DATA USED FOR FINANCIAL FRAUD Authored by Dexter Shin Many government agencies provide their services online for the convenience of their citizens.... May 31, 2024 | 7 MIN READ HOW SCAMMERS HIJACK YOUR INSTAGRAM Authored by Vignesh Dhatchanamoorthy, Rachana S Instagram, with its vast user base and dynamic platform, has become... May 14, 2024 | 6 MIN READ FROM SPAM TO ASYNCRAT: TRACKING THE SURGE IN NON-PE CYBER THREATS Authored by Yashvi Shah and Preksha Saxena AsyncRAT, also known as “Asynchronous Remote Access Trojan,” represents a... May 08, 2024 | 10 MIN READ THE DARKGATE MENACE: LEVERAGING AUTOHOTKEY & ATTEMPT TO EVADE SMARTSCREEN Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena McAfee Labs has recently uncovered a novel infection... Apr 29, 2024 | 13 MIN READ REDLINE STEALER: A NOVEL APPROACH Authored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was... Apr 17, 2024 | 10 MIN READ DISTINCTIVE CAMPAIGN EVOLUTION OF PIKABOT MALWARE Authored by Anuradha and Preksha Introduction PikaBot is a malicious backdoor that has been active since early... Apr 02, 2024 | 10 MIN READ Next * 1 * 2 * 3 Back to top * * * * * -------------------------------------------------------------------------------- Corporate Headquarters 6220 America Center Drive San Jose, CA 95002 USA Products McAfee+™ Individual McAfee+™ Family McAfee® Total Protection McAfee® Antivirus McAfee® Safe Connect McAfee® PC Optimizer McAfee® TechMaster McAfee® Mobile Security Resources Antivirus Free Downloads Parental Controls Malware Firewall Blogs Activate Retail Card McAfee Labs Support Customer Service FAQs Renewals Support Community About About McAfee Careers Contact Us Newsroom Investors Legal Terms Your Privacy Choices System Requirements Sitemap -------------------------------------------------------------------------------- United States / English Copyright © 2024 McAfee, LLC Copyright © 2024 McAfee, LLC United States / English Feedback