Security News > 2022 > July > Targeted campaign uses infostealer to hijack Facebook Business accounts

WithSecure researchers have discovered an ongoing operation, dubbed "DUCKTAIL", that targets individuals and organizations operating on Facebook's Ads and Business platform.

DUCKTAIL's operations utilize an infostealer malware component that includes functionality specifically designed to hijack Facebook Business accounts.

The infostealer is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account to which the victim has sufficient access.

The company has found DUCKTAIL scouting for and phishing its targets via LinkedIn, where it selects users likely to have high-level access to a Facebook Business account, especially those with admin privileges.

The DUCKTAIL operation has since continued to update and push out the malware in an attempt to improve its ability to bypass existing or new Facebook security features alongside other implemented features.

Malware targeting social platforms such as Facebook has thus far been relatively uncommon due to the security mechanisms implemented by the platforms.

News URL

https://www.helpnetsecurity.com/2022/07/26/infostealer-used-to-hijack-facebook-business-accounts/