In recent news, a novel, newly discovered data-stealing malware is hijacking Facebook Business accounts. Researchers at WithSecure, the enterprise spin-off of security giant F-Secure, discovered the ongoing campaign, which they dubbed Ducktail, and found evidence to suggest that a Vietnamese threat actor has been developing and distributing the malware since the latter half of 2021. According to Facebook, the operation’s motives appear to be purely financially driven.
Threat Actors Target Employees with High-Level Access to Facebook Business Accounts
The threat actors first scout targets via LinkedIn, where they choose employees likely to have high-level access to Facebook Business accounts, especially those with the highest level of access. “We believe that the Ducktail operators carefully select a small number of targets to increase their chances of success and remain unnoticed,” said Mohammad Kazem Hassan Nejad, a researcher and malware analyst at WithSecure Intelligence. “We have observed individuals with managerial, digital marketing, digital media, and human resources roles in companies to have been targeted.”
The hijackers then employ social engineering to convince the target to download a file hosted on a legitimate cloud host, like Dropbox or iCloud. While the file features keywords related to brands, products, and project planning in an attempt to appear legitimate, it contains novel data-stealing malware that WithSecure says is the first malware it has seen specifically designed to hijack Facebook Business accounts.
Malicious Groups Will Keep Trying to Evade the Social Platform’s Detection
A Meta spokesperson said in a statement, “We welcome security research into the threats targeting our industry. This is a highly adversarial space and we know these malicious groups will keep trying to evade our detection. We are aware of these particular scammers, regularly enforce against them, and continue to update our systems to detect these attempts. Because this malware is typically downloaded off-platform, we encourage people to be cautious about what software they install on their devices.”