
The Cyber Security News


Ducktail Malware Operation Evolves with New Malicious Capabilities

November 23, 2022

The operators of the Ducktail information stealer have demonstrated a “relentless willingness to persist” and have continued to update their malware as part of an ongoing financially driven campaign.

“The malware is created to steal browser cookies and take advantage of authenticated Facebook sessions to steal info from the victim’s Facebook account,” WithSecure researcher Mohammad Kazem Hassan Nejad said in a new analysis.

“The operation ultimately hijacks Facebook Business accounts to which the victim has sufficient access. The threat actor uses their acquired access to run ads for monetary gain.”

Attributed to a Vietnamese threat actor, the Ducktail campaign is designed to target businesses in the digital marketing and advertising sectors that are active on the Facebook Ads and Business platform.

Also targeted are individuals within prospective companies who are likely to have high-level access to Facebook Business accounts. This includes marketing, media, and human resources personnel.

The malicious activity was first documented by the Finnish cybersecurity company in July 2022. The operation is believed to have been underway since the second half of 2021, although evidence points to the threat actor being active as far back as late 2018.

A subsequent analysis by Zscaler ThreatLabz last month uncovered a PHP version of the malware distributed as installers for cracked software. WithSecure, however, said the activity has no connection whatsoever to the campaign it tracks under the Ducktail moniker.

The latest iteration of the malware, which resurfaced on September 6, 2022, after the threat actor was forced to halt its operations on August 12 in response to public disclosure, comes with a host of improvements incorporated to circumvent detection.

Infection chains now commence with the delivery of archive files containing spreadsheet documents hosted on Apple iCloud and Discord through platforms like LinkedIn and WhatsApp, indicating diversification of the threat actor’s spear-phishing tactics.

The Facebook Business account information gathered by the malware, which is signed using digital certificates obtained under the guise of seven different non-existent businesses, is exfiltrated using Telegram.

“An intriguing shift that was observed with the latest campaign is that [the Telegram command-and-control] channels now include various administrator accounts, indicating that the adversary may be running an affiliate program,” Nejad explained.

Some parts of this report are sourced from:
thehackernews.com
