DUCKTAIL returns: Underneath the ruffled feathers

Authors

Mohammad Kazem Hassan Nejad

Senior Threat Intelligence Researcher, WithSecure

WithSecure continues to shed light on a financially motivated malware operation, dubbed DUCKTAIL

In late July 2022, WithSecure shed light on a financially motivated malware operation, dubbed DUCKTAIL, that targets individuals and businesses operating on the Facebook Ads and Business platform.

In short, the operation consists of information-stealing malware delivered to targeted victims who primarily operate in the digital marketing and advertising space. The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim’s Facebook account. The operation ultimately hijacks Facebook Business accounts to which the victim has sufficient access. The threat actor then uses that access to run ads for monetary gain.

After a short hiatus, the DUCKTAIL campaign returned with slight changes in its mode of operation. In this report, we’ll discuss what we have discovered since our original analysis was published.

You may find additional information about DUCKTAIL in our first report available at: https://labs.withsecure.com/publications/ducktail 


Source: https://labs.withsecure.com/publications/darkgate-rises