Facebook Ducktail Phishing scam now targetting users; here's how it works

tech.hindustantimes.com:

In what will be a big worry for users of Facebook, Ducktail Phishing scam has become operative. A new version of the Ducktail malware is being used to steal data and take over Facebook accounts. It originally surfaced in July this year and initially it was aimed at Facebook Business accounts, but now it has become a more widespread danger. The latest version of Ducktail accesses all Facebook data available on an infected computer. And the most scary thing is in the case of a Facebook business account, it can even discover payment methods, putting your money at risk. Additionally, Facebook Business data include billing information and cycles, which could be used to disguise unauthorized purchases.

As shared by Bleeping Computer, the first version of the malware was dependent on the LinkedIn campaign, with hackers delivering PHP malware in disguise of marketing and human resources professionals. However, the latest Ducktail is seeded on file-sharing networks comprising cracked software, games, adult videos, and anything of a forbidden nature.

The Ducktail malware can even steal other sensitive information stored in the browser like the login credentials and even funds from some of the best crypto wallets. This new Ducktail campaign has a much larger scope and attacks Facebook users as well as Facebook Business users.

In a blog post, the cloud security company Zscaler provides detailed insight on how this new campaign differs from the previous one. They have mentioned, “It seems that the threat actors behind the Ducktail stealer campaign are continuously making changes or enhancement in the delivery mechanisms and approach to steal a wide variety of sensitive user and system information targeting users at large. Zscaler's