A new phishing campaign is targeting Facebook users and spreading new malware.
A New Phishing Campaign Is Targeting Facebook Users
A well-known phishing campaign called Ducktail, which hijacks new Facebook accounts running advertising campaigns for businesses, is currently distributing a new infostealer malware.
According to researchers at Zscaler, Ducktail previously used LinkedIn to distribute a piece of malware written in .NET Core that stole Facebook business account data stored in a web browser and exfiltrated it to a private Telegram channel. That channel acted as the malware's command-and-control (C2) server, communicating with target systems to coordinate cyberattacks.
Ducktail Is Distributing a New Malware Variant to Steal Facebook-Adjacent Data
However, Ducktail has now been seen distributing a new malware variant that can steal not only Facebook-adjacent data but also other sensitive data stored in browsers, such as data related to cryptocurrency wallets, account information, and basic system data.
The C2 has also changed: the data no longer goes to a Telegram channel but to a JSON website that also stores account tokens and other related data needed for on-device fraud.
Zscaler also said that the malware is shared as an archive file uploaded to a legitimate file hosting service. According to the researchers, the attackers keep the malware from being flagged by antivirus software by loading it in memory only.
Users Can Cut Down the Damage by Switching To an Anonymous Browser
Users can cut down the damage caused by Ducktail and other malware by switching to an anonymous browser, or simply by making sure they do not save sensitive information in their browser of choice.
This matters because, if malware compromises an endpoint with a Facebook Business account, the attackers may search for additional sensitive financial details such as PayPal data, including the amounts spent on certain purchases, verification statuses, and more.
How People Are Tricked By the Malware
In many cases, attackers trick people into downloading malware by presenting it as movie subtitle files, adult content, or cracks for illegitimate software.
While Ducktail's new infostealer may evade antivirus software, security software with built-in web protection can still help by blocking access to suspicious sites that may be carrying it.