Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts.
Ducktail, alongside Duckport and NodeStealer, is part of a cybercrime ecosystem operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts.
In the campaign documented by a Russian cybersecurity firm, potential targets looking for a career change are sent archive files containing a malicious executable that's disguised with a PDF icon to trick them into launching the binary.
The findings underscore a strategic shift in Ducktail's attack techniques and come as Google filed a lawsuit against three unknown individuals in India and Vietnam for capitalizing on the public's interest in generative AI tools such as Bard to spread malware via Facebook and pilfer social media login credentials.
"Defendants distribute links to their malware through social media posts, ads, and pages, each of which purport to offer downloadable versions of Bard or other Google AI products," the company alleged in its complaint.
The archive files include an installer file that's capable of installing a browser extension adept at pilfering victims' social media accounts.
News URL
https://thehackernews.com/2023/11/vietnamese-hackers-using-new-delphi.html