Security News > 2022 > July > Vietnamese attacker circumvents Facebook security with ‘DUCKTAIL’ malware

Security vendor WithSecure, which was spun out in March 2022 as F-Secure's enterprise security arm, claims it's found malware that targets Facebook Business accounts.

"The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to."

WithSecure has name the malware "DUCKTAIL" and is confident it's run by a Vietnamese entity that attacks by first scouting for companies that operate on Facebook's Business/Ads platform and then looking for people likely to have admin access to those accounts.

If those cookies are found, the malware "Directly interacts with various Facebook endpoints from the victim's machine using the Facebook session cookie to extract information from the victim's Facebook account."

Interactions with Facebook appear benign to The Social Network™, which allows the malware to prowl for more security tokens and even attempt to detect and then subvert two factor authentication.

For starters it again shows the site's security is worryingly porous: in 2020 Facebook techies 'fessed up to the existence of a long-running malware campaign named "SilentFade" that also allowed attackers to buy ads using victims' accounts.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/27/ducktail_facebook_malware/