Facebook Business Accounts Hacked via New PHP Version of Ducktail Malware
Facebook Business accounts are now under attack via a new PHP version of the Ducktail malware strain.
New PHP Version of Ducktail Malware Puts Facebook Users at Risk
Facebook Business account holders are now exposed to a new threat, which comes in the form of a PHP variant of the Ducktail malware program.
Zscaler, a cloud security company, reported this new finding in a Zscaler blog post on October 13th. The new PHP version is being spread among devices by “pretending to be a free/cracked application installer”. It also targets various platforms for infection, including Telegram and Microsoft Office apps.

In this new version of Ducktail, the operator has altered the malware execution method, using a PHP script instead of the previously used .NET binary. After the app is installed, the victim will be told that it is “checking application compatibility”, when, in reality, two .tmp files are being generated.
The second of these two files is capable of dropping the malicious code. After this, the file “executes two processes” to both achieve persistence and steal data.

Ducktail Malware Has Been Around Since 2021
The original version of Ducktail malware was first discovered in late 2021 and was connected to a Vietnamese operator who was using it to hack Facebook Business and Ads Manager accounts.
In the aforementioned blog post, Zscaler discussed the original Ducktail strain, which could “manipulate pages and access financial information”. The attacks were recognized as highly targeted and even had the ability to bypass Facebook’s security defenses. Users with a high status in a company were targeted in these attacks, as they were granted advanced permissions.

Ducktail can also make an attempt to access two-factor authentication codes to evade this additional layer of account protection. Various kinds of data are targeted by the Ducktail infostealer, including payment details, email addresses, and client information.
User Information Is Still at Risk with the PHP Infostealer
The PHP variant of the Ducktail infostealer is also after sensitive data that can be exploited for financial gain. Even individuals with protective login measures may be at risk.
It seems that payment information is also the focus of this new PHP Ducktail malware, as well as email addresses, payment records, funding sources, and account statuses.

Both Ducktail Versions Are Highly Dangerous
The original Ducktail malware and its PHP variant share many similarities and pose a significant threat to Facebook Business accounts and the sensitive data they harbor. Ducktail’s creator may continue to create subsequent versions of their original code to further improve the execution of their attacks. Time will tell whether this turns out to be the case.