Select Page

The operators of the Ducktail information stealer have demonstrated a “relentless willingness to persist” and continued to update their malware as part of an ongoing financially driven campaign.

“The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim’s Facebook account,” WithSecure researcher Mohammad Kazem Hassan Nejad said in a new analysis.

“The operation ultimately hijacks Facebook Business accounts to which the victim has sufficient access. The threat actor uses their gained access to run ads for monetary gain.”

Attributed to a Vietnamese threat actor, the Ducktail campaign is designed to target businesses in the digital marketing and advertising sectors which are active on the Facebook Ads and Business platform.

Also targeted are individuals within prospective companies that are likely to have high-level access to Facebook Business accounts. This includes marketing, media, and human resources personnel.

images from Hacker News