New information-stealing malware targeting Facebook accounts
By MYBRANDBOOK
A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers in July, who linked the attacks to Vietnamese hackers.
Zscaler has spotted the signs of new activity involving a refreshed Ducktail campaign that uses a PHP script to act as a Windows information-stealing malware. Ducktail has now replaced the older NET Core information-stealing malware used in previous campaigns with one written in PHP.
The campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading as a PDF document supposedly containing details about a marketing project. The malware targeted information stored in browsers, mainly focusing on Facebook Business account data, and withdrew it to a private Telegram channel that acted as a C2 server. These stolen credentials are then used for financial fraud or to conduct malicious advertising.
Most of the fake lures for this campaign are related to games, subtitle files, adult videos, and cracked MS Office applications. These are hosted in ZIP format on legitimate file hosting services. When executed, the installation takes place in the background while the victim sees fake ‘Checking Application Compatibility’ pop-ups in the frontend, waiting for a fake application sent by the scammers to install.
The stealer’s code is an obfuscated (Base64) PHP script, which is deciphered directly on memory without touching the disk, minimizing the chances of being detected. The targeted data includes extensive Facebook account details, sensitive data stored in browsers, browser cookies, cryptocurrency wallet and account information, and basic system data.
Users are advised to be alert with instant messages on LinkedIn and treat file download requests with extra caution, especially cracked software, game mods, and cheats.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
ICONS OF INDIA : RISHAD PREMJI
Rishad Premji is Executive Chairman of Wipro Limited, a $11.3 billion ...
Icons Of India : ASHISH KUMAR CHAUHAN
Ashish kumar Chauhan, an Indian business executive and administrator, ...
Icons Of India : NANDAN NILEKANI
Nandan Nilekani is the Co-Founder and Chairman of Infosys Technologies...
HPCL - Hindustan Petroleum Corporation Ltd.
HPCL is an integrated oil and gas company involved in refining, market...
GSTN - Goods and Services Tax Network
GSTN provides shared IT infrastructure and service to both central and...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
Indian Tech Talent Excelling The Tech World - George Kurian, CEO, Netapp
George Kurian, the CEO of global data storage and management services ...
Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler
Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...