The Ducktail malware was discovered a few months ago and mainly targets people and businesses who use Facebook business accounts. The program took over a year to develop and was distributed via email. The attackers use social engineering techniques and select targeted people via the LinkedIn recruitment network. The application is delivered in the form of an archive with photos, videos and documents. Once the file is downloaded and opened, browser cookies are read and sent to the hackers’ server.
A new version of malware has now been detected that is difficult to detect by antivirus applications. annoying Zscaler A fake app that contains a PHP interpreter and various text files has been installed. To ensure that the components are actually working, the malware creates tasks in the task scheduler. The actual code used to steal Facebook accounts is a base64-encoded PHP script. The content is decoded directly in memory, so the code is not cached on disk and therefore not necessarily recognized.
Developers are also targeting personal accounts
In addition to business accounts, Ducktail should also target private user accounts. If business accounts are compromised, an attempt is made to access payment method information. Due to the further development of the Ducktail program, it can be assumed that the hackers behind the malware will continue to work on the program to release new variants. As usual, it’s a good idea to be wary of messages from unknown senders and to check files closely before downloading them to avoid installing malware.
See also:
“Prone to fits of apathy. Zombie ninja. Entrepreneur. Organizer. Evil travel aficionado. Coffee practitioner. Beer lover.”
More Stories
NASA receives the message via a laser beam from a distance of 226 million kilometers
Upgrade using 20 GPUs and 20 CPUs in testing [Update 3]
Raspberry Pi5 as desktop replacement after 5 months