A new malware by the name of the ‘Ducktail’ family has been discovered by cybersecurity researchers to steal Facebook Business accounts. A new report by Kaspersky, a cybersecurity company is using malicious browser extensions to target the employees of the specific organisation. The malware has been targeting the senior positioned employees who are engaged in roles related to HR, social media marketing and digital marketing.
Why the cyber criminals targeting Facebook Business accounts?
The main objective of the cyber attackers is to compromise the Business accounts on the social networking platform led by Mark Zuckerberg. The hacker’s main focus is on the employees in key roles which reflects a strategic approach.
Kaspersky notes that these individuals are more likely to have access to valuable accounts, by making them prime targets for the attackers.
About Ducktail malware:
Ducktail is an information stealer malware and its activities could lead to severe consequences like privacy violations, identity theft and financial losses.
It involves sending out malicious archives containing alluring content related to common themes. These archives house executable files camouflaged with PDF icons and longer file names. This has been done to divert the victim's attention from the true nature of the file.
What are social engineering tactics?
The attackers employ social engineering tactics by carefully using file names which are relevant to the bait and create a persuasive scenario for the victim to click on the files.
For example, file names referred to "guidelines and requirements for candidates," in a fashion-themed campaign will entice the recipients to open the files.
How does the malicious browser extension work?
While opening the executable file, the malware scans for the shortcuts to Chromium-based browsers like Microsoft Edge, Google Chrome, Brave and Vivaldi. Once they are identified, the malware alters the command line, inserting the instructions to install a malicious browser extension. The extension is also a part of the workable file.
Five minutes after the commencing of the infection, the malware is used to terminate the browser process, which will help in prompting the user to restart it by using one of the modified shortcuts. This will ensure the persistence of the compromised system and further enhance the malware's ability to carry out malicious activities.
The Ducktail variant highlights the importance of heightened cybersecurity measures and user awareness to hamper targets which are attacking sensitive business accounts.
ALSO READ: Fortnite's surprise: Eminem takes The Big Bang Finale stage for Epic surprises
Inputs from IANS
