New information-stealing malware targeting Facebook accounts
By MYBRANDBOOK
A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware, written in PHP, that steals Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers in July, who linked the attacks to Vietnamese hackers.
Zscaler has spotted signs of new activity involving a refreshed Ducktail campaign that uses a PHP script as its Windows information-stealing malware. Ducktail has replaced the older .NET Core information stealer used in previous campaigns with one written in PHP.
The earlier campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading as a PDF document that supposedly contained details about a marketing project. The malware targeted information stored in browsers, mainly Facebook Business account data, and exfiltrated it to a private Telegram channel that acted as the C2 server. The stolen credentials are then used for financial fraud or to run malicious advertising.
Most of the fake lures in this campaign are related to games, subtitle files, adult videos, and cracked MS Office applications. They are hosted as ZIP archives on legitimate file hosting services. When executed, the installation takes place in the background while the victim sees fake "Checking Application Compatibility" pop-ups in the foreground and waits for the fake application sent by the scammers to install.
The stealer's code is a Base64-obfuscated PHP script that is decoded directly in memory without ever touching the disk, minimizing the chances of detection. The targeted data includes extensive Facebook account details, sensitive data stored in browsers, browser cookies, cryptocurrency wallet and account information, and basic system data.
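The Base64 layer described above hides the PHP source from simple string-based scanning, but the encoded blob itself is still present in whatever dropper carries it. The following scanner is an added example written for this page (it is not Zscaler's detection logic and not part of the article): it finds long Base64 runs in a file, decodes them, and reports any that decode to PHP source. The minimum run length, the marker list, and the constructed sample input are assumptions chosen for illustration.

```python
import base64
import re

# Heuristic from the article: the stealer ships as a Base64-obfuscated PHP
# script that is only decoded in memory. A static scan can still catch the
# encoded form by decoding long Base64 runs and checking for PHP source.
# The thresholds and marker strings below are assumptions for this example.

BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
PHP_MARKERS = (b"<?php", b"eval(", b"base64_decode(", b"gzinflate(", b"str_rot13(")
MIN_RUN = 64


def decode_candidate(blob: bytes):
    """Base64-decode a run after fixing up padding; return None if not valid Base64."""
    padded = blob + b"=" * (-len(blob) % 4)
    try:
        # validate=True rejects runs that merely look like Base64
        return base64.b64decode(padded, validate=True)
    except ValueError:
        return None


def find_encoded_php(data: bytes, min_run: int = MIN_RUN):
    """Return (offset, markers_found) for every Base64 run that decodes to PHP source."""
    hits = []
    for match in BASE64_RUN.finditer(data):
        run = match.group(0)
        if len(run) < min_run:
            continue
        decoded = decode_candidate(run)
        if decoded is None:
            continue
        found = [marker.decode() for marker in PHP_MARKERS if marker in decoded]
        if found:
            hits.append((match.start(), found))
    return hits


def scan_file(path: str):
    """Scan a file on disk (a dropper, a ZIP member, a script) for encoded PHP."""
    with open(path, "rb") as fh:
        return find_encoded_php(fh.read())


# Constructed sample input: a harmless PHP snippet wrapped in Base64 next to a
# Base64 blob of ordinary text. Only the first run should be reported.
SAMPLE_PHP = b"<?php echo 'compatibility check'; ?>" + b" " * 40
CONSTRUCTED_INPUT = (
    b"start\n"
    + base64.b64encode(SAMPLE_PHP)
    + b"\n"
    + base64.b64encode(
        b"just some padding text that is long enough to form a run of base64 characters here"
    )
    + b"\n"
)

if __name__ == "__main__":
    for offset, markers in find_encoded_php(CONSTRUCTED_INPUT):
        print(f"offset {offset}: Base64 run decodes to PHP ({', '.join(markers)})")
```

The scanner runs on anything already written to disk (the ZIP lure, the launcher that carries the blob), which is exactly the artifact the in-memory decoding is meant to keep out of sight; pair it with process-level telemetry for the PHP interpreter, since the decoded script itself never lands on disk.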
Users are advised to be alert with instant messages on LinkedIn and treat file download requests with extra caution, especially cracked software, game mods, and cheats.