This new malware hijacks Facebook business accounts
- Posted on July 27, 2022
- Technology
- By Glory
Digital marketing experts are the focus of an
ongoing cybercrime operation that aims to compromise Facebook Business accounts
by deploying newly found malware that steals data.
The ongoing effort, which they named Ducktail, was
uncovered by researchers at WithSecure, the business division of security firm
F-Secure. They also found some evidence that a Vietnamese malicious
actor has been creating and disseminating the malware since the second
half of 2021. The company noted that the operations appear to be
conducted only for financial gain.
The threat actor initially conducts a target
scouting operation on LinkedIn, picking out professionals who are likely
to have high-level access to Facebook Business accounts, especially those with
the most access, according to TechCrunch.
The hacker will then attempt to persuade the
victim to download a file from a trusted cloud service, such as Dropbox or
iCloud, using media manipulation. While the file attempts to look authentic by
containing terms relevant to companies, products, and project planning, it
usually contains data-manipulating malware that WithSecure claims is the
first virus it has seen that is specifically made to sabotage Facebook
Business accounts.
When Ducktail malware is installed on a victim's
computer, it hijacks authorized Facebook transactions and collects browser
cookies to access the victim's Facebook profile and collect data such as
account information, location information, and two-factor authentication codes.
By linking the target's email address to the
infiltrated account, which causes Facebook to send a link through email to
the same email address, the malware enables the malicious user to steal any
Facebook Business account to which the target has easy access.
In order to access the Facebook Business, the
recipient—in this scenario, the threat actor—interacts with the email link.
According to Mohammad Kazem Hassan Nejad, a researcher and malware expert from
WithSecure Intelligence, this approach represents the usual process used to
provide persons "access to a Facebook Business, and thus circumvents
security" protections developed by Meta to protect users against
such exploitation.
To steer transactions to their own accounts or to
launch Facebook Ad campaigns with funds from the compromised businesses, the
threat actors use their unauthorized access to replace the account's
predetermined financial information.
When asked how many users may have been affected by
the Ducktail campaign, WithSecure, which shared its findings with
Meta, stated that it was still unable to "determine the success, or lack
thereof," of the campaign. It also mentioned that it had not noticed any
regional patterns in Ducktail's profiling, as potential victims are from
across Europe, the Middle East, Africa, and North America.
A representative for Meta said in a statement to
TechCrunch that the company welcomes security research into the issues affecting
the sector. The spokesperson said the company is aware that these
malevolent entities will keep attempting to evade its detection in
the highly aggressive environment. "We are aware of these particular
scammers, regularly enforce against them, and continue to update our
systems to detect these attempts." The company advises users to be
careful when choosing the apps they install on their phones
and computers, since this type of malware is frequently obtained via
off-platform sources.