The operators of the Ducktail information stealer demonstrate once again a willingness to persist, as they have updated their malware to use in an ongoing financially driven campaign.

Cybersecurity researchers say that the malware is used to steal browser cookies and take advantage of Facebook sessions to steal information from victims’ accounts. Ultimately, the purpose is to hijack Facebook Business accounts to gather money through ads.

Details on Ducktail

The Ducktail campaign, attributed to a Vietnamese threat actor, is intended to target companies involved in digital marketing and advertising that are active on the Facebook Ads and Business platform.

According to TheHackerNews, people working for potential employers who are likely to have access to Facebook Business accounts are targeted. Personnel in marketing, the media, and human resources are included. It is unclear when the operation started. It is believed to have been underway since the latter half of 2021, but there is evidence that tracks the threat actor’s activity as far back as 2018.

Updated Version of the Malware

Forced to stop operating the malware on the 12th of August 2022, the threat actor reappeared on September 6th, bringing to the malware a number of modifications built in to evade detection.

Due to the threat actor’s diversification of spear-phishing techniques, infection chains now start with the delivery of archive files containing spreadsheet documents hosted on Apple iCloud and Discord through channels like LinkedIn and WhatsApp.

The information on the Facebook Business accounts collected by the malware is exfiltrated using Telegram.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

New Ransomware Trick: Encrypting Files Then Stealing Discord Accounts

New PHP Malware Targets Business and Regular Facebook Accounts

Phishing Campaign Abuses LinkedIn Smart Link

Info-Stealing Malware Pushed Through WhatsApp Messages

What is Spear Phishing? Definition, Examples, Prevention Strategies

Leave a Reply

Your email address will not be published. Required fields are marked *