Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts.
Ducktail, alongside Duckport and NodeStealer, is part of a cybercrime ecosystem operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts.
In the campaign documented by the Russian cybersecurity firm, potential targets looking for a career change are sent archive files containing a malicious executable that's disguised with a PDF icon to trick them into launching the binary.
The findings underscore a strategic shift in Ducktail's attack techniques and come as Google filed a lawsuit against three unknown individuals in India and Vietnam for capitalizing on the public's interest in generative AI tools such as Bard to spread malware via Facebook and pilfer social media login credentials.
"Defendants distribute links to their malware through social media posts, ads, and pages, each of which purport to offer downloadable versions of Bard or other Google AI products," the company alleged in its complaint.
The archive files include an installer file that's capable of installing a browser extension adept at pilfering victims' social media accounts.
News URL
https://thehackernews.com/2023/11/vietnamese-hackers-using-new-delphi.html