
The Cyber Security News


New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts

October 14, 2022

A PHP version of an information-stealing malware known as Ducktail has been discovered in the wild, distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler.

“Like more mature variations (.NetCore), the most recent version (PHP) also aims to exfiltrate delicate info related to saved browser credentials, Facebook account details, and so on,” Zscaler ThreatLabz researchers Tarun Dewan and Stuti Chaturvedi said.

Ducktail, which emerged on the threat landscape in late 2021, is attributed to an unnamed Vietnamese threat actor, with the malware primarily designed to hijack Facebook business and advertising accounts.

The financially motivated cybercriminal operation was first documented by Finnish cybersecurity firm WithSecure (formerly F-Secure) in late July 2022.

While previous versions of the malware were found to use Telegram as a command-and-control (C2) channel to exfiltrate information, the PHP variant spotted in August 2022 establishes connections to a newly hosted website to store the data in JSON format.

Attack chains observed by Zscaler entail embedding the malware in ZIP archive files hosted on file-sharing services like mediafire[.]com, masquerading as cracked versions of Microsoft Office, games, and porn-related files.

Execution of the installer, in turn, activates a PHP script that ultimately launches the code responsible for stealing and exfiltrating data from web browsers, cryptocurrency wallets, and Facebook Business accounts.

“It appears that the risk actors driving the Ducktail stealer marketing campaign are constantly making changes or enhancements in the shipping and delivery mechanisms and approach to steal an extensive variety of delicate consumer and technique facts targeting consumers at large,” the researchers said.


Some parts of this article are sourced from:
thehackernews.com
