Ducktail Malware

Facebook accounts Hacked – Save yourself now from Ducktail Malware


Facebook accounts are once again the target of hijacking attacks. A new version of the Ducktail malware is out to steal users' sensitive data and Facebook accounts.

The older version of the malware was written in .NET Core and targeted Facebook business users, those using Facebook's ads and business platforms, through social engineering on LinkedIn. It went after sensitive information saved in their browsers, such as login information for online accounts, and even funds from some of the top cryptocurrency wallets.


Ducktail Malware Returns with PHP 

The new Ducktail Malware campaign is written in PHP and has returned with a much larger scope. The malware now targets regular Facebook users in addition to Facebook business users.

Even so, if the malware determines that the account type is a business account, it will try to retrieve more data, including payment methods, cycles, spending amounts, owner details, verification status, owned pages, PayPal addresses, and more.

The cloud security company Zscaler provides further insight on how this new campaign is more advanced than the previous one, saying:

“It seems that the threat actors behind the Ducktail stealer campaign are continuously making changes or enhancements in the delivery mechanisms and approach to steal a wide variety of sensitive user and system information targeting users at large. Zscaler’s ThreatLabz team is continuously monitoring the campaign and will bring to light any new findings that it will come across.”

In this latest Ducktail campaign, cybercriminals trick users into downloading malicious ZIP files in order to infect their computers and steal their Facebook accounts. These files are disguised as free or cracked versions of Microsoft Office and other software, games, subtitle files, and other content.

If a user unzips one of these ZIP files, the Ducktail info-stealer malware is installed in the background while the user sees a pop-up that reads “Checking Application Compatibility.” This malware is particularly dangerous because it achieves persistence on a victim’s machine by adding scheduled tasks that are executed daily at regular intervals.

Previously, the data exfiltrated from a victim was sent to Telegram, but now it is stored on a JSON website controlled by the cybercriminals running this new campaign.
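To check a machine for the scheduled-task persistence described above, task definitions exported as XML (for example with `schtasks /query /xml`) can be audited offline. The following is an added example, not code from the article or from Zscaler; the heuristics (a recurring task whose action runs from a user-writable directory or launches a PHP interpreter) and all sample tasks are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumed heuristics, not indicators from the article: an action that runs
# from a user-writable directory, or that launches a PHP interpreter.
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|downloads)\\|\\users\\public\\|%(localappdata|appdata|temp)%", re.I)
PHP_BINARY = re.compile(r"(^|\\)php(-cgi|-win)?\.exe$", re.I)

def is_recurring(task):
    """True when a trigger fires on a day schedule or repeats on an interval."""
    return (task.find(".//t:ScheduleByDay", NS) is not None
            or task.find(".//t:Repetition/t:Interval", NS) is not None)

def audit_task(name, xml_text):
    """Return the reasons a task deserves review (empty list if none)."""
    task = ET.fromstring(xml_text)
    if not is_recurring(task):
        return []
    reasons = []
    for action in task.findall("t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS).strip().strip('"')
        if USER_WRITABLE.search(command):
            reasons.append(f"{name}: recurring action in user-writable path: {command}")
        if PHP_BINARY.search(command):
            reasons.append(f"{name}: recurring action launches PHP: {command}")
    return reasons

def make_task(trigger, command):
    """Build a minimal constructed task definition for the demo."""
    return (f'<Task xmlns="{NS["t"]}"><Triggers>{trigger}</Triggers>'
            f'<Actions><Exec><Command>{command}</Command></Exec></Actions></Task>')

DAILY = "<CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger>"
ONCE = "<TimeTrigger><StartBoundary>2022-11-24T09:00:00</StartBoundary></TimeTrigger>"
SAMPLES = {  # constructed examples, not real indicators
    "DailyFromTemp": make_task(DAILY, r"C:\Users\alice\AppData\Local\Temp\pkg\php.exe"),
    "DailyBackup": make_task(DAILY, r"C:\Program Files\Backup\backup.exe"),
    "OneTimeFromTemp": make_task(ONCE, r"C:\Users\alice\AppData\Local\Temp\setup.exe"),
}

if __name__ == "__main__":
    for task_name, xml_text in SAMPLES.items():
        for reason in audit_task(task_name, xml_text):
            print(reason)
```

A hit is a prompt for manual review, not proof of infection: legitimate per-user updaters also run recurring tasks from profile directories.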

How to stay protected?

  • Avoid downloading pirated software or games. 
  • Avoid downloading files from people you don’t know. 
  • Install the best anti-virus software.
  • Use the best password managers.

Author: PureVPN

Date: November 24, 2022
