[ad_1]
WithSecure researchers discovered an operation dubbed “DUCKTAIL” targeting individuals and organizations operating on the Facebook Ads and Business platform.
Based on the analysis and collected information, the company has high confidence that the operation is a threat actor in Vietnam. The chain of evidence suggests that the risk actor’s motive was financial.
The campaign and the malware
DUCKTAIL exploits a component of the InfoStealer malware, which includes functions specifically designed to hack into Facebook business accounts. This is the first activity known to WithSecure and distinguishes DUCKTAIL from previous Facebook-centric malware operations. The informant is designed to steal browser cookies and use authenticated Facebook sessions to steal information from the victim’s Facebook account and eventually hack the victim’s Facebook business account.
The company found DUCKTAIL to scout Facebook business accounts, specifically users with admin privileges, and phishing its targets through LinkedIn.
“We believe that DUCKTAIL operators carefully select a small number of targets to maximize their chances of success and remain unnoticed. We have seen individuals in management, digital marketing, digital media and HR roles in companies being targeted,” said Mohammed Kazem Hassan Nejad, researcher at WitSecure Intelligence.
Initially detected as unknown malware, WithSecure began monitoring and analyzing its operations earlier this year, and the threat actor has been developing and distributing DUCKTAIL-related malware since the second half of 2021. By extracting malware to improve its ability to bypass existing or new Facebook security features with other implemented features.
Social media accounts are searched for malicious purposes.
WithSecure has solutions for endpoint protection platforms (EPP) and endpoint detection and response (EDR) such as static and behavioral detection signatures and detections for multiple stages of the attack lifecycle.Mohamed Kazem Hassan Nejad Alertness and vigilance are key to avoiding becoming a victim.
“Many spear phishing campaigns target users on LinkedIn. If managing corporate social media accounts, it’s important to exercise caution when interacting with others on social media platforms, especially when viewing attachments or links sent by strangers.
The popularity of social networks and media platforms is increasing. Unfortunately, this attracts cybercriminals who use it for their own gain, such as malware distribution, theft, disinformation campaigns, and fraud. Malware targeting social platforms such as Facebook has so far been relatively uncommon due to the security mechanisms implemented by the platforms. Still, the wide reach and user base make it an interesting attack vector for malicious actors to exploit.
WithSecure shared the research with Facebook’s parent company Meta before it was released. A detailed account of DUCKTAIL’s operation and an overview of the attack using the MITER framework can be found here.
[ad_2]
Source link
