Security News > 2022 > July > Novel Malware Hijacks Facebook Business Accounts

Novel Malware Hijacks Facebook Business Accounts
2022-07-26 18:15

A new malware is hijacking high-profile Meta Facebook Business and advertising platform accounts through a phishing campaign that targets LinkedIn accounts.

"The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to," researchers wrote in a blog post accompanying the report.

"These tactics would increase the adversary's chances of compromising the respective Facebook Business all the while flying under the radar," researchers wrote.

Ducktail also has two components dedicated to stealing info from victims, one that's more general, stealing non-Facebook related information, and another that steals info specifically related to Facebook Business and advertising accounts as well as hijacks those accounts, researchers said.

The component of Ducktail dedicated to extracting data from Facebook Business/Ads accounts directly interacts with various Facebook endpoints-either direct Facebook pages or API endpoints-from the victim's machine using a stolen Facebook session cookie, researchers said.

The malware does not establish persistence on a machine, which also allows means it can get in and do its dirty work without alerting the user or flagging Facebook security, researchers said.


News URL

https://threatpost.com/malware-hijacks-facebook/180285/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 29 0 11 46 54 111