A Newly Discovered Malware Hijacks Facebook Business Accounts
An ongoing cybercriminal operation is targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using a newly discovered data-stealing malware. TechCrunch reports: Researchers at WithSecure, the enterprise spin-off of security giant F-Secure, discovered the ongoing campaign they dubbed Ducktail and found evidence to suggest that a Vietnamese threat actor has been developing and distributing the malware since the latter half of 2021. The firm added that the operations' motives appear to be purely financially driven. The threat actor first scouts targets via LinkedIn where it selects employees likely to have high-level access to Facebook Business accounts, particularly those with the highest level of access. The threat actor then uses social engineering to convince the target to download a file hosted on a legitimate cloud host, like Dropbox or iCloud. While the file features keywords related to brands, products, and project planning in an attempt to appear legitimate, it contains data-stealing malware that WithSecure says is the first malware that they have seen specifically designed to hijack Facebook Business accounts. Once installed on a victim's system, the Ducktail malware steals browser cookies and hijacks authenticated Facebook sessions to steal information from the victim's Facebook account, including account information, location data, and two-factor authentication codes. The malware also allows the threat actor to hijack any Facebook Business account that the victim has sufficient access to simply by adding their email address to the compromised account, which prompts Facebook to to send a link, via email, to the same email address. The recipient -- in this case, the threat actor -- then interacts with the emailed link to gain access to that Facebook Business. The threat actors then leverage their new privileges to replace the account's set financial details in order to direct payments to their accounts or to run Facebook Ad campaigns using money from the victimized firms.
Read more of this story at Slashdot.