New Delhi, November 26 (IANS): Cybersecurity researchers have discovered a new version of the Ducktail family of malware that steals Facebook Business accounts, a new report reveals.
According to cybersecurity firm Kaspersky, cybercriminals are using malicious browser extensions to target employees in fairly senior positions as well as those working in human resources, digital marketing, and social media marketing.
“Since their ultimate goal is to hijack Facebook Business accounts, it’s natural that attackers would be interested in who is most likely to have access,” the researchers said.
Ducktail is a purpose-built information stealer whose consequences can be severe, including privacy violation, financial loss, and identity theft.
To hijack users’ FB accounts, the cybercriminals behind Ducktail send potential victims malicious archives containing bait in the form of theme-based images and video files about common topics.
These archives also include executable files, which carry a PDF icon and a very long filename to distract the victim’s attention from the exe extension.
Additionally, the names of the fake files appear to have been carefully chosen for relevance in order to convince recipients to click on them.
The name referred to “candidate guidelines and requirements” for the fashion-themed campaign, but other bait such as price lists and commercial offers could be used as well, the report noted.
When the victim first opens the exe file, it displays the contents of a PDF file with malicious code embedded in it, in the hope that the victim won’t notice anything amiss.
In particular, this malware deletes all desktop shortcuts and, at the same time, scans the Start menu and Quick Launch toolbar.
According to the report, the malware searches for shortcuts to Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, and Brave.
“Once the malware finds it, it modifies the command line by adding instructions to install a browser extension, which is also embedded in the executable file,” the researchers said.
“After 5 minutes, the malicious script terminates the browser process and prompts the user to restart the browser using one of the modified shortcuts,” they added.
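A defender can audit the same shortcut locations for this kind of tampering. The script below is an added example, not code from Kaspersky or the report; it assumes the added instruction is Chromium's `--load-extension` switch, which the article does not name, and the executable names and folder list are likewise assumptions chosen to match the browsers and locations mentioned above.

```powershell
# Added example: list Chromium-browser shortcuts whose arguments load an
# unpacked extension. Read-only; it changes nothing on disk.
# Assumption: the tampering uses Chromium's --load-extension switch.

# Executable names for the browsers the report mentions (assumed defaults).
$browserExes = 'chrome.exe', 'msedge.exe', 'vivaldi.exe', 'brave.exe'

# Desktop, Start menu and Quick Launch, per-user and all-users where they exist.
$roots = @(
    [Environment]::GetFolderPath('DesktopDirectory'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# WScript.Shell exposes the TargetPath and Arguments stored in a .lnk file.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }          # skip shortcuts without a file target
            $exe = Split-Path -Leaf $lnk.TargetPath
            if ($browserExes -notcontains $exe) { return } # comparison is case-insensitive
            if ($lnk.Arguments -match '--load-extension\b') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Modified  = $_.LastWriteTime           # when the shortcut was last rewritten
                }
            }
        }
}

if ($findings) {
    $findings | Format-List
} else {
    'No browser shortcuts with --load-extension found.'
}
```

A hit is a lead rather than a verdict: developers sometimes launch browsers with this switch on purpose, so compare the extension path and the shortcut's modification time against what the user expects.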