Hackers using new malware to steal Facebook Business accounts: Report


New Delhi, Nov 26 (IANS): Cybersecurity researchers have discovered a new version of malware from the "Ducktail" family to steal Facebook Business accounts, a new report has shown.

According to the cybersecurity company Kaspersky, cybercriminals are using malicious browser extensions to target company employees who either hold fairly senior positions or work in HR, digital marketing, or social media marketing.

"Their ultimate goal is to hijack Facebook Business accounts, so it makes sense that the attackers are interested in folks most likely to have access to them," the researchers said.

Ducktail is a specifically designed information stealer with serious consequences such as privacy violations, financial losses, and identity theft.

To hack users' FB accounts, cybercriminals behind Ducktail send out malicious archives to their potential victims that contain bait in the form of theme-based images and video files on a common topic.

Inside these archives also include executable files, which contain PDF icons and very long file names to divert the victim’s attention from the exe extension.

Additionally, the names of the fake files appeared to be carefully chosen for relevance so as to persuade the recipients to click on them.

In the fashion-themed campaign, the names referred to “guidelines and requirements for candidates”, but other bait like, say, price lists or commercial offers, can be used as well, the report noted.

After first opening the exe file in the hopes that the victim will not notice anything unusual, it displays the contents of a PDF file that the malicious code has embedded in it.

Notably, the malware simultaneously scans all desktop shortcuts, the Start menu, and the Quick Launch toolbar.

According to the report, the malware searches for shortcuts to Chromium-based browsers, such as Google Chrome, Microsoft Edge, Vivaldi, and Brave.

"Having found one, the malware alters its command line by adding an instruction to install a browser extension, which is also embedded in the executable file," said the researchers.

"Five minutes later, the malicious script terminates the browser process, prompting the user to restart it using one of the modified shortcuts," they added.

 

  

Top Stories


Leave a Comment

Title: Hackers using new malware to steal Facebook Business accounts: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.