Security News > 2022 > November > Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts
A cybercriminal operation tracked as Ducktail has been hijacking Facebook Business accounts causing losses of up to $600,000 in advertising credits.
The gang has been spotted before using malware to steal Facebook-related information and hijack associated business accounts to run their own ads that are paid for by the victim.
Believed to be the work of a threat actor based in Vietnam, Ducktail was first documented earlier this year targeting individuals with high-level access to the Facebook business account that enables companies to reach a specific audience through paid campaigns and advertisements.
The threat actor contacted some of its newest victims over WhatsApp to lure them into accepting and executing malicious payloads that would steal sensitive information or provide the attacker access to the Facebook business account.
"One of the unique features of the malware is its ability to hijack Facebook Business accounts associated with the victim's Facebook account. It attempts to grant the threat actor's emails access to the business with the highest privilege roles," researchers say in a report in July.
As per WithSecure, what the two campaigns have in common is just the theft of information from the victim's Facebook account by using various Facebook pages and API endpoints.