Data – Stealing Malware Hijacking Facebook Business Accounts

Threat Alert: A Vietnamese threat-actor detected targeting Digital Marketing and HR Professionals via LinkedIn to hijack Facebook Business Accounts

The security professionals at WithSecure have recently discovered malware (dubbed DUCKTAIL) that is hijacking Facebook business accounts to use the credit cards linked to those accounts.

In a report that they have released, WithSecure says –

“The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware.

The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim’s Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to.”

They have also recognized that the motive behind the hijack is purely financially driven and that this Malware has been around since the latter half of 2021.

The operators of DUCKTAIL hunt down potential victims on LinkedIn, the ones having access to the Facebook Business Accounts.

These attackers then convince the targets, through social engineering, to download a specific file hosted by a legit cloud host like Dropbox.

This file will consist of brand-related keywords, projects, products, etc. to come across as reliable. But they actually consist of info-stealing malware specifically designed to take over Facebook Business Accounts.

We recommend you to use some good antivirus tools, keep on reviewing the third-party apps that are connected to your Facebook Business Account, and ensure that you are operating only the renowned applications.