Tuesday, October 18, 2022
Ducktail Infostealer Casts Its Fowl Malware Campaign At Facebook Users


Researchers at the cybersecurity firm Zscaler have found a new version of the Ducktail Infostealer in a malware campaign seeking to steal Facebook Business account credentials. Cybersecurity researchers first identified the Ducktail Infostealer in 2021, attributing the malware to a Vietnamese threat actor. The earlier version of this malware was built on .NET Core and specifically targeted higher-level employees with Admin and Finance access to their companies' Facebook Business accounts.

According to Zscaler, the threat actor behind the Ducktail Infostealer recently revamped the malware to expand its scope. The new version of the malware is written in PHP and targets users with any level of access to Facebook Business accounts. This malicious software masquerades as an application installer for Microsoft Office, various games, and more, which are made available for download on legitimate file hosting websites such as MediaFire.

Malware code snippet targeting Facebook Business accounts (source: Zscaler)

Users who run this malicious installer are met by a window that reads, "Checking Application Compatibility." However, unknown to the user, the malware works in the background to establish persistence on the victim's system, then executes stealer code designed to find and exfiltrate Facebook Business account credentials and data stored in the victim's browser. This code is stored encrypted in order to evade detection, then decrypted in memory when executed.

After first contacting the threat actor's command-and-control (C2) server to receive instructions, the Ducktail Infostealer attempts to steal a range of data from Facebook Business accounts, including financial and payment information. If the malware successfully obtains any information, it sends it back to the C2 server for the threat actor to use for further malicious ends.

Unlike ransomware, stealer malware usually is not part of an extortion scheme in which threat actors demand a ransom payment in exchange for not publishing exfiltrated data online. However, stealer malware should not be taken any less seriously than ransomware. The absence of a ransom demand can mean that victims of stealer malware never realize any of their information was stolen until it has already been used to commit identity fraud or to redirect victims' funds to accounts controlled by threat actors. Users should be hesitant to download applications or third-party installers from unfamiliar sources, as threat actors often distribute malware packaged with such software.
