Updated on 2022-11-23
WithSecure researchers observed the Vietnam-based Ducktail info-stealer targeting organizations operating on Facebook’s Business/Ads platform to hijack their accounts. Read more: Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts
Updated on 2022-11-22
WithSecure says the DUCKTAIL malware operation has returned with new attacks after the company exposed its operations earlier this summer in July. The malware, believed to be operated from Vietnam, is known for targeting the Facebook profiles of people from the digital marketing and advertisement space with the primary goal of hijacking their Ads and Business accounts. See WithSecure’s technical report here/PDF. Read more:
- DUCKTAIL returns: Underneath the ruffled feathers
- DUCKTAIL: An infostealer malware targeting Facebook Business accounts
Updated on 2022-10-14
Zscaler said it detected a campaign using cracked versions of popular games and software applications to distribute the Ducktail infostealer. Read more: New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts
“Ducktail has been around since 2021, and is attributed to a Vietnamese threat group. Campaigns to-date have focused on taking over Facebook Business accounts, both to manipulate pages and to access financial information.”
Overview
Zscaler ThreatLabz stumbled upon a new campaign that uses a PHP version of the Ducktail infostealer masquerading as a free app for games, MS Office, Telegram, and others. Read more: New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts
