In phishing attacks, a new version of Ducktail malware is being used to steal data and take over Facebook accounts.
This new campaign, which was reported by BleepingComputer, employs a revised version of Ducktail that is written in PHP, unlike the previous version, which was used to target Facebook Business users over the summer.
In addition to your Facebook account and the data it contains, the Ducktail malware may also steal other sensitive information stored in your browser, such as credentials to your online accounts and even funds from some of the best cryptocurrency wallets.
Ducktail is moving on to regular Facebook users
While the original Ducktail malware campaign was designed to target individuals and organizations using the Facebook Ads and Business platform through social engineering on LinkedIn, this new campaign has a much wider scope and includes regular Facebook users as well as Facebook Business users.
When the account in question turns out to be a commercial account instead of a regular one, Ducktail gathers additional information on the victim's payment methods, cycles, amounts, and PayPal address.
In a blog post, cloud security company Zscaler further explains how this new campaign differs from the previous one, stating that:
The threat actors in the Ducktail stealer campaign are making changes or enhancements in the delivery of certain user and system information to large ranges of visitors. ThreatLabz is constantly monitoring the campaign and will make additional findings available.
The hackers behind this new Ducktail malware campaign use a number of fake lures to trick users into downloading malicious ZIP files. These malicious files pass themselves off as Microsoft Office and other software, games, subtitle files, and adult content.
Victims see a pop-up which reads "Application Compatibility". The Ducktail infostealer malware is especially dangerous, as it is capable of maintaining persistence and remaining on a victim's machine by adding scheduled tasks that are executed daily at regular intervals.
Data removed from a victim's computer is now stored on a JSON website by the cybercriminals behind this new campaign.
How to Stay Safe from Ducktail
You should not download pirated software or games, and this includes game mods and cheats designed to give you an edge over the competition.
You should also be careful when you receive new messages on LinkedIn, and avoid downloading files from sites or people you don't know. Installing one of the best antivirus software suites can help keep you safe, since these programs may identify malware as harmful before it is even installed on your system.
When it comes to protecting your credentials, you should avoid storing your passwords inside your browser, and instead use one of the best password managers. Besides keeping your credentials secure, most password managers also allow you to create strong, complex passwords for each of your online accounts.
As phishing campaigns using the Ducktail malware have been successful and profitable for the cybercriminals who created it, expect to see extended campaigns targeting users in new ways online.