Welcome to our research and development platform: WithSecure Labs. Here we dissect industry news and trends, publish research, and share our tools with the security community.
DUCKTAIL: An infostealer malware targeting Facebook Business accounts
WithSecure™ has discovered an ongoing operation (dubbed "DUCKTAIL") that targets individuals and organizations that operate on Facebook’s Business and Ads platform.
The threat actor uses information-stealer malware to target individuals and employees who may have access to a Facebook Business account. The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to.
Based upon analysis and gathered data, we have determined that the operation is conducted by a Vietnamese threat actor. The chain of evidence suggests that the threat actor’s motives are financially driven.
A full report containing detailed analysis of DUCKTAIL’s malware component, recommendations and protection, as well as appendices containing indicators of compromise, detection opportunities, and MITRE ATT&CK techniques can be found in the PDF report.