Ducktail malware tries to hijack the accounts of individuals who use Facebook’s Business and Ads platforms, says WithSecure Intelligence.
Social media is one area that cybercriminals love to exploit to attack their victims. And as one of the most popular social networks, Facebook is often in the crosshairs of malware campaigns. A new attack analyzed by cybersecurity provider WithSecure Intelligence targets Facebook business users with the intent of stealing their sensitive data and taking over their accounts.
Using Facebook’s Meta Business Suite, organizations can designate specific employees to communicate with customers, discuss their products and services and create ads to run on Facebook. In the malicious campaign dubbed Ducktail, cybercriminals look for companies that use Facebook’s Business/Ads platform and then target people within the company who may have high-level access to the business accounts. Employees singled out in this campaign have included those in management, digital marketing, digital media and human resources, according to WithSecure.
As the next step, the attackers deploy malware to the potential victims, sometimes delivered through LinkedIn and often hosted on cloud-based services such as Dropbox and iCloud. The malware itself is packaged as an archive file that contains documents, images and videos. With such names as “Project Development Plan” and “Project Information,” the files are designed to coax people into opening them and launching the malware.
Once installed, the malware scans for any of the following browsers: Google Chrome, Microsoft Edge, Brave and Firefox. For each browser, Ducktail extracts all stored cookies, including any for a Facebook session. Using the Facebook session cookie, the malware then connects with different Facebook endpoints to grab information from the user’s Facebook account.
For personal Facebook accounts, the malware aims to grab the user’s name, email address, birthdate and user ID. For business accounts, it seeks out the name, verification status, ad account limit, owner, role and names of clients. And for associated Facebook ad accounts, it looks for the name, ID, account status, payment cycle, currency and amount spent.
Ultimately, the cybercriminals give themselves admin and finance editor roles on the victim’s Facebook business account. With that goal achieved, they can then fully control the account as well as access and modify credit card information, transactions, invoices and payment methods.
“As businesses become more aware and resilient to traditional ransomware attacks, cybercriminals will look for new ways to convert successful cyberattacks into ill-gotten financial gains,” said Chris Clements, VP of solutions architecture at cybersecurity company Cerberus Sentinel. “Historically we’ve seen similar attacks on social media accounts such as the Twitter hack in July 2020…but the directed approach of targeting Facebook business accounts is a new and interesting angle. Contrasting with prior social media hijacking that makes itself obvious very quickly by posting links to scams or malware, this campaign is stealthier, looking to modify ad spends or introduce ad fraud.”
To protect organizations against these types of social media-driven threats, WithSecure offers the following recommendations:
“Nearly every organization could best improve their cybersecurity defense plans if they focused far more on reducing the likelihood of social engineering compromise,” said Roger Grimes, data-driven defense evangelist at cybersecurity firm KnowBe4. “Every organization should look to see what they can improve in their defense-in-depth plan (e.g., policies, technical defenses, and education) to defeat social engineering. It is because almost no organization appropriately focuses the necessary resources and training against social engineering that hackers and malware [are able] to be so long term successful.”