DUCKTAIL returns: Underneath the ruffled feathers

Authors

Mohammad Kazem Hassan Nejad

Senior Threat Intelligence Researcher, WithSecure

WithSecure continues to shed light on a financially motivated malware operation, dubbed DUCKTAIL

In late July 2022, WithSecure shed light on a financially motivated malware operation, dubbed DUCKTAIL, that targets individuals and businesses operating on the Facebook Ads and Business platform.

In short, the operation delivers information-stealing malware to targeted victims who primarily work in the digital marketing and advertising space. The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim’s Facebook account. The operation ultimately hijacks Facebook Business accounts to which the victim has sufficient access. The threat actor uses the access gained to run ads for monetary gain.

After a short hiatus, the DUCKTAIL campaign returned with slight changes in its mode of operation. In this report, we discuss what we have discovered since our original analysis was published.

You can find additional information about DUCKTAIL in our first report, available at: https://labs.withsecure.com/publications/ducktail
