Thanks to the tireless work of the researchers at Kaspersky it was possible to identify a new and fearsome malware.
This, a new version of the already well-known malicious agent Duck tailis focusing on account theft Facebook Business. This type of interest in such profiles is not surprising: the accounts in question, in fact, are often stolen and then used for malicious advertising campaigns, a practice known as malvertising.
Experts who discovered the campaign explained how the cybercriminals are doing it malicious browser extensions to spread malware. Specifically, cyber criminals appear to be targeting medium-high level company employeesespecially engaged in the human resources sector and digital marketing.
To do this, those who manage the aggression spread phantoms file PDF, with very long names, which in reality turn out to be malicious executables. Once the file is started, a document is opened but also the infection mechanism is triggered.
A new version of the Ducktail malware is hunting Facebook Business accounts
Ducktail falls into the category of infostealerthat is, malicious agents specifically created to attack the privacy of the victims. The purpose of its use, depending on the case, can range from identity theft to that of the credentials of social network e banking platforms.
His modus operandi is quite unique. In fact, as soon as it is activated, the malware searches the computer in search of a browser.
There are some based on Chromium (come Google Chrome, Microsoft Edge, Brave o Vivaldi) alters the links used by the user to launch the software, installing an extension also present in the aforementioned executable file.
When this happens, within a few minutes, Ducktail has full control of the browser and can access an impressive amount of data and information related to the user.
As well as for other similar malicious agents, as well be wary of suspicious attachments of emails (whether executable or PDF), a antivirus at a high level can help dramatically reduce the risks of infection.