Researchers from WithSecure (formerly F-Secure) have revealed details of a new spear phishing campaign targeting Facebook business accounts. The campaign has been active since at least July 2021.
According to the researchers, the attack uses malware called Ducktail, which is designed to steal browser cookies for authenticated Facebook sessions along with Facebook account information. The goal is to take over every business account that the victim can access.
According to WithSecure, Ducktail targets "individuals and organizations" using Facebook ads and business services. People involved in digital marketing, management, human resources and digital media are prime targets.
The attackers locate their targets via LinkedIn.
"If you have administrative access to corporate social media accounts, it is important to exercise caution when interacting with others on social media platforms, especially when dealing with attachments or links sent by individuals you do not know."
Researchers are convinced that the attackers are from Vietnam, where they are carrying out this campaign, and their motive is profit. The campaign was noticed earlier this year. Researchers believe that there is currently no specific sector or geographic target.
According to a report by WithSecure, the malware samples were hosted on cloud services such as MediaFire, iCloud and Dropbox. The malware is delivered to targeted individuals via LinkedIn, as they typically have Facebook business accounts.
Ducktail can collect general information and steal data related to Facebook, which is then exfiltrated.
With full control over the account, the attacker edits business credit card or other financial details such as transactions and payment methods.
The best way to protect yourself from Ducktail is to be careful when opening emails and attachments from unknown senders and to avoid opening links in emails.
Avoid opening links or downloading attachments sent by anonymous users via LinkedIn or Facebook Messenger. You should also always use strong passwords and two-factor authentication whenever possible.
Keep your device updated with the latest patches to reduce the risk of getting infected with Ducktail or any other malware.