A Finnish cybersecurity firm has sounded the alarm about a new type of Facebook malware that attempts to compromise business accounts for financial gain.

Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts.

The company said that it has “high confidence” that a Vietnamese threat actor is behind the attacks, which aim malicious messages at LinkedIn users who are likely to have admin access to their companies’ Facebook accounts. The threat actor also targets email addresses of potential victims directly.

What makes the attack unique, according to WithSecure, is the infostealer malware component, which is designed specifically to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular.

If a victim can be induced to open a malicious link, the malware scans the infected computer for browsers and extracts cookies that indicate authenticated Facebook sessions for use in gaining access to those accounts. Command and control is handled via the Telegram messaging service, using the Telegram Bot system, and private data is also sent back to the hacker in this way.

Hacked accounts can provide the bad actor with a wealth of information, including 2FA codes, IP addresses and geolocation, financial details and credit card numbers, and much more. It can also compromise Facebook advertising accounts.

Mohammad Kazem Hassan Nejad, a researcher for WithSecure, said that the malicious actor behind the DUCKTAIL attacks has been careful in selecting the malware’s targets.

“We believe that the DUCKTAIL operators carefully select a small number of targets to increase their chances of success and remain unnoticed,” he said in a statement announcing the company’s findings.

“We have observed individuals with managerial, digital marketing, digital media, and human resources roles in companies to have been targeted.”

The company has been tracking the DUCKTAIL attacks since earlier this year, and said that the malware has been under continuous development since the second half of 2021, adding new feature sets as Facebook updates its security measures.

According to WithSecure, Facebook’s security has been stalwart enough to ward off many attacks that have been attempted over the years, but it and other social media networks remain tempting targets for bad actors, thanks to the near-universal userbase that such platforms provide.
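
As an added example (not from WithSecure or the original article), the behaviour described above, a non-browser process reading browser cookie databases and also contacting the Telegram Bot API, can be hunted for by correlating endpoint events per process. The event schema, host names, process names and paths below are constructed for illustration.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
COOKIE_FILES = {"cookies", "cookies.sqlite"}  # Chromium / Firefox cookie databases
BOT_API_HOST = "api.telegram.org"             # Telegram Bot API endpoint

def ev(host, pid, image, kind, target):
    # Hypothetical event schema; map your EDR/Sysmon fields onto it.
    return {"host": host, "pid": pid, "image": image, "kind": kind, "target": target}

# Constructed sample telemetry (not real data).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
CHROME_DB = r"C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"
FIREFOX_DB = r"C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\cookies.sqlite"
LURE = r"C:\Users\ana\Downloads\project_brief.exe"
SAMPLE_EVENTS = [
    ev("ws-014", 4120, CHROME, "file_read", CHROME_DB),
    ev("ws-014", 7788, LURE, "file_read", CHROME_DB),
    ev("ws-014", 7788, LURE, "file_read", FIREFOX_DB),
    ev("ws-014", 7788, LURE, "dns_query", "api.telegram.org"),
    ev("ws-020", 3312, r"C:\Tools\alertbot.exe", "dns_query", "api.telegram.org"),
    ev("ws-031", 5150, r"C:\Program Files\Backup\backup.exe", "file_read", CHROME_DB),
]

def detect(events):
    """Return sorted (host, pid, image) for non-browser processes that both read
    a browser cookie database and resolved the Telegram Bot API host."""
    signals = defaultdict(set)
    for e in events:
        image = basename(e["image"]).lower()
        if image in BROWSERS:
            continue  # browsers legitimately open their own cookie stores
        key = (e["host"], e["pid"], image)
        target = e["target"].lower()
        if e["kind"] == "file_read" and basename(target) in COOKIE_FILES:
            signals[key].add("cookie_read")
        elif e["kind"] == "dns_query" and target.rstrip(".") == BOT_API_HOST:
            signals[key].add("bot_api")
    # Either signal alone is common (backup tools, alerting bots); both together is not.
    return sorted(k for k, s in signals.items() if s == {"cookie_read", "bot_api"})

if __name__ == "__main__":
    for host, pid, image in detect(SAMPLE_EVENTS):
        print(f"ALERT {host} pid={pid} {image}: cookie store read + Telegram Bot API")
```

Matching browsers by file name alone can be defeated by renaming a binary, so a production rule should compare the full image path or code-signing publisher instead.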