Hackers Utilizing New Malware to Steal Facebook Business Accounts: Report

Cybersecurity researchers recently uncovered a fresh variant of malware within the "Ducktail" family, targeting the theft of Facebook Business accounts, according to a new report by Kaspersky, a leading cybersecurity company.

The attack strategy involves the use of malicious browser extensions, specifically targeting employees in higher-ranking positions or those involved in HR, digital marketing, or social media marketing within companies. The goal is to compromise Facebook Business accounts, making these particular employees prime targets for the cybercriminals behind Ducktail.

Ducktail, categorized as an information-stealing malware, poses severe risks including privacy breaches, financial losses, and identity theft.

The cybercriminals leverage deceptive tactics by sending out bait in the form of theme-based images and video files on various common topics, concealed within malicious archives. These archives contain executable files that bear PDF icons and lengthy file names, designed to divert the victim's attention from the exe extension.

The names of these fabricated files are meticulously selected to seem relevant and compelling, aiming to entice recipients into opening them. For instance, in a fashion-themed campaign, file names hinted at "guidelines and requirements for candidates," while other baits such as price lists or commercial offers could also be employed, as noted in the report.

Once the victim opens the exe file, the malware displays the contents of a PDF file embedded within its malicious code, in the hope that the victim will not notice anything suspicious.

At the same time, the malware scans shortcuts on the desktop, in the Start menu, and on the Quick Launch toolbar. When it finds a shortcut to a Chromium-based browser such as Google Chrome, Microsoft Edge, Vivaldi, or Brave, it modifies the shortcut's command line by adding an instruction to install a browser extension that is embedded within the executable file itself.

Following this, the malicious script terminates the browser process, prompting the user to restart it using the modified shortcuts, effectively executing the installed browser extension.
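A defender can check for this kind of tampering by listing browser shortcuts that carry extra command-line arguments. The PowerShell audit below is an added example, not code from the Kaspersky report or this article; it assumes the injected instruction is Chromium's `--load-extension` switch (the article does not name it) and that the browsers use their standard executable names.

```powershell
# Added example: audit browser shortcuts for extension-loading arguments.
# Assumption: the injected instruction is Chromium's --load-extension switch.
$suspectSwitch = '--load-extension'
# Assumption: standard executable names of the browsers the article lists.
$browserExes   = 'chrome.exe', 'msedge.exe', 'vivaldi.exe', 'brave.exe'

# Locations the article says the malware scans (current user and all users).
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        try {
            # CreateShortcut opens the existing .lnk; nothing is written back.
            $lnk = $shell.CreateShortcut($_.FullName)
            $exe = [IO.Path]::GetFileName($lnk.TargetPath)
        } catch {
            return   # unreadable shortcut: skip to the next file
        }
        # Only browser shortcuts that carry any arguments are of interest.
        if ($browserExes -notcontains $exe) { return }
        if ([string]::IsNullOrWhiteSpace($lnk.Arguments)) { return }

        [pscustomobject]@{
            Shortcut       = $_.FullName
            Target         = $lnk.TargetPath
            Arguments      = $lnk.Arguments
            LoadsExtension = $lnk.Arguments -match [regex]::Escape($suspectSwitch)
            Modified       = $_.LastWriteTime
        }
    }
}

# Shortcuts that load an extension are listed first.
$findings | Sort-Object LoadsExtension -Descending | Format-List
```

Browser shortcuts normally have few or no arguments, so any row with `LoadsExtension` set to `True` deserves a look at the extension path it names and at the shortcut's modification time.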

This sophisticated and deceptive method poses a serious threat, emphasizing the need for heightened vigilance and robust cybersecurity measures to counter such malicious attempts.

(With Agency Inputs)
