Recently discovered, this malware targets professional Facebook accounts in order to extract data from the marketing and human resources sectors.
A cybercriminal operation has been ongoing and has likely been going on for several months, attacking Facebook Business accounts. Malware steals corporate data by attacking high-ranking employees.
Phishing operation
A phishing campaign (phishing in French) is underway and targets the famous social network Facebook. It is more precisely the business accounts of the platform that are targeted.
Privacy protection company WithSecure detected the attack only a few hours ago. She explained that the cybercriminal first scouts his targets on LinkedIn, in order to gain access to their Facebook Business accounts. The operation, baptized “Ducktail” and which would have been set up in Vietnam, would have been active for a minimum of one year.
The operation of this fraudulent campaign is simple. The hacker contacts his victims via social networks and convinces them to download a file stored on a cloud. Targets are trapped because of the presence of keywords related to their company, brand or products. However, the malware also contains a data theft program. And, for the first time, it only targets Facebook business accounts.
A strictly financial objective
Still according to the company WithSecure, the most likely goal of this malicious actor would be pecuniary. After collecting the confidential data of these senior officials, the threat actor uses it to change the company’s financial details.
The operation would aim to use the embezzled money in his favor. Thanks to the transaction information thus obtained, the hacker launches Facebook Ad campaigns for his personal account. Companies find themselves financially harmed, without however quickly noticing the maneuver of which they are victims. The malware therefore has additional time to achieve its goals.
For the time being, WithSecure does not have sufficient elements to affirm that the Ducktail campaign is bearing fruit or not. Nor how many users have already been victims of the malware in question. However, the uniqueness of this malware suggests that the list of targeted companies may grow rapidly. Even if doubt remains and it is impossible to know with certainty whether Facebook Business accounts have been infiltrated.
Source : WithSecure
0