Ducktail Malware Hijacks Facebook Accounts

Ducktail, a new version of an infostealer malware, is running rampant over Facebook. This phishing campaign can access private data on any infected system and it can even take control of Facebook accounts.

Phishing attacks continue to plague the web as cybercriminals try to steal money, user information, and financial data. Ducktail is one of the latest campaigns, one that first appeared in July 2022 when it targeted Facebook business accounts exclusively. Now, it’s also targeting regular users for their Facebook account data, browser data, and even system data.

Facebook accounts generate and contain a lot of data, but Meta can’t keep all of it safe from determined hacker groups. It seems that the new Ducktail variant can avoid most antivirus software, so defending yourself may take some effort.

What Is Ducktail?

According to Zscaler, a cloud security company, Ducktail is a data-stealing malware that’s distributed through a wide range of apps and games. It was first spotted in 2021 and it’s believed to be primarily used by a cybercriminal group from Vietnam.

In July 2022, a new Ducktail campaign targeted Facebook business accounts with the goal of stealing data and hijacking the accounts of high-level employees. Zscaler’s research team then said:

“It seems that the threat actors behind the Ducktail stealer campaign are continuously making changes or enhancement in the delivery mechanisms and approach to steal a wide variety of sensitive user and system information targeting users at large.”

Since the initial campaign, Ducktail has been enhanced and it’s now used to target general Facebook users. The malware is distributed through download links and phishing emails. So, if you’ve downloaded pirated games, applications, or freeware, your system might be infected.

Once Ducktail is on your device, it can exfiltrate your browser data, record login information, steal cryptocurrency account data, and take over your Facebook account. In other words, Ducktail’s goal is to steal all your valuable digital information, so it’s vital to avoid getting infected in the first place.

Infographic of how Ducktail malware works. Credit WithSecure.com

How to Protect Your Data from Ducktail

Zscaler also mentioned in its analysis that Ducktail isn’t noticed by antivirus software because it only loads in memory, so most antivirus products don’t flag it as a threat. This means that your only way to avoid getting infected with the malware is to follow a set of strict precautionary measures. Here’s what you need to do:

  1. Don’t download apps and games from suspicious sources. Make sure you avoid pirated software in particular and check the company that’s distributing the apps. 
  2. Be cautious with links. Don’t click on any link you’ve received through an unsolicited email or a Facebook message.
  3. Secure your network connection with a reputable VPN. Use CyberGhost VPN to encrypt your data and hide your real IP from hackers.
  4. Create strong passwords and password-protect the archive files where you keep confidential data.
  5. Use two-factor authentication on all of your important accounts. Facebook also offers 2FA, so you can minimize the risk of someone hijacking your account.

Cybercriminals target regular Facebook users with malware like Ducktail because they can obtain a large amount of sensitive data from a social media account. New malware campaigns pop up regularly and, most of the time, it’s up to you to stay safe until virus databases catch up.
