Ducktail Malware Operation Evolves with New Malicious Capabilities
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign.
"The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem Hassan Nejad said in a new analysis.
"The operation ultimately hijacks Facebook Business accounts to which the victim has sufficient access. The threat actor uses their gained access to run ads for monetary gain."
Attributed to a Vietnamese threat actor, the Ducktail campaign is designed to target businesses in the digital marketing and advertising sectors that are active on the Facebook Ads and Business platform.
The operation is believed to have been underway since the second half of 2021, although evidence points to the threat actor being active as far back as late 2018.
The Facebook Business account information collected by the malware, which is signed using digital certificates obtained under the guise of seven different non-existent businesses, is exfiltrated using Telegram.
News URL
https://thehackernews.com/2022/11/ducktail-malware-operation-evolves-with.html