Security News > 2023 > November > Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts.

Ducktail, alongside Duckport and NodeStealer, is part of a cybercrime ecosystem operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts.

In the campaign documented by the Russian cybersecurity firm, potential targets looking for a career change are sent archive files containing a malicious executable that's disguised with a PDF icon to trick them into launching the binary.

The findings underscore a strategic shift in Ducktail's attack techniques and come as Google filed a lawsuit against three unknown individuals in India and Vietnam for capitalizing on the public's interest in generative AI tools such as Bard to spread malware via Facebook and pilfer social media login credentials.

"Defendants distribute links to their malware through social media posts, ads, and pages, each of which purport to offer downloadable versions of Bard or other Google AI products," the company alleged in its complaint.

The archive files include an installer file that's capable of installing a browser extension adept at pilfering victims' social media accounts.

News URL

https://thehackernews.com/2023/11/vietnamese-hackers-using-new-delphi.html