The Ducktail malware is certainly not an unknown name to those who follow the cybersecurity field.
We are talking about a malicious agent that has been active since the first half of 2021 and which, during its period of activity, has targeted several Facebook business accounts in dozens and dozens of countries. Among the vectors preferred by those who organize these campaigns are LinkedIn and WhatsApp, with the use of techniques that fall within the definition of spear-phishing.
According to a report by Kaspersky, however, there is some recent news regarding the spread of Ducktail. In recent times, this malware appears to be at the center of a massive campaign against the fashion and clothing sector.
Recent attacks have been carried out through archives containing images of authentic products, accompanied by a malicious executable file disguised as a PDF. The offending archives are sent in a highly targeted way to individuals who work in the sector, who are drawn in by the prospect of a job opportunity.
Once victims' Facebook business accounts are obtained, they can be resold to other cybercriminals or used for other purposes, such as malvertising campaigns.
Ducktail attacks fashion and clothing: how to avoid malware?
What makes things more difficult for potential victims is the use of the Delphi programming language. This makes Ducktail harder for antivirus and similar tools to detect.
The social engineering techniques applied to spread the malware are also quite advanced, requiring great attention from the potential victim. According to Amelia Buck, threat intelligence analyst at Menlo Security, "Legitimate-looking image files of products from well-known fashion brands build trust before delivering infected PDFs".
In this sense, according to the expert, it is good to always be skeptical when receiving unsolicited files from unknown senders. Avoiding macros and checking attachments with scanning tools are strongly recommended practices.
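As an illustration of checking an archive before opening anything in it, the following added example (not code from Kaspersky, Menlo Security or the original article) lists ZIP members that look like an executable disguised as a document. The extension lists, the two heuristics (a document extension followed by an executable one, and an MZ header under a document extension) and the sample file names are assumptions made for this example.

```python
import io
import zipfile

EXEC_EXTS = {"exe", "scr", "com", "pif"}            # assumed, non-exhaustive
DOC_EXTS = {"pdf", "doc", "docx", "jpg", "jpeg", "png"}  # assumed, non-exhaustive

def classify(name, head):
    """Return a reason if the member looks like a disguised executable, else None."""
    # Split the base name on dots and strip padding spaces around each part.
    parts = [p.strip() for p in name.lower().split("/")[-1].split(".")]
    ext = parts[-1] if len(parts) > 1 else ""
    is_pe = head[:2] == b"MZ"  # DOS/PE executable signature
    if ext in EXEC_EXTS and len(parts) > 2 and parts[-2] in DOC_EXTS:
        return "document extension followed by executable extension"
    if is_pe and ext in DOC_EXTS:
        return "PE header under a document extension"
    if is_pe or ext in EXEC_EXTS:
        return "executable inside archive"
    return None

def scan_archive(data):
    """Return (member name, reason) pairs for suspicious members of a ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the leading bytes are needed
            reason = classify(info.filename, head)
            if reason:
                findings.append((info.filename, reason))
    return findings

def build_sample():
    """Constructed sample archive: placeholder bytes only, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lookbook/coat.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("lookbook/job_offer.pdf", b"%PDF-1.7\n")
        zf.writestr("lookbook/salary_details.pdf      .exe", b"MZ" + b"\x00" * 16)
        zf.writestr("lookbook/brief.pdf", b"MZ" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_archive(build_sample()):
        print(f"{name}: {reason}")
```

A clean result from a check like this does not mean the archive is safe; it only catches the two naming and header mismatches coded above.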
Since Ducktail operates through social networks, it is important to protect your accounts. From this point of view, adopting multi-factor authentication can put another barrier in front of attackers. Finally, using a password manager can also provide users with more security.