In the ongoing barrage of cyberattacks, Facebook users are being targeted by a new version of the Ducktail malware that originally surfaced in July. The first implementation was specifically aimed at Facebook Business accounts, but it has recently become a more widespread danger.
The latest version of Ducktail collects any and all Facebook data available on an infected computer. If it happens to be a business account, payment methods could be discovered, putting your money at risk. Furthermore, Facebook Business data might include billing information and cycles, which could be used to help disguise unauthorized purchases.
An in-depth account of how Ducktail works was shared by Bleeping Computer. The first version relied on a LinkedIn campaign, with hackers posing as marketing and human resources professionals to deliver PHP malware under the guise of useful information. The latest Ducktail is seeded on file-sharing networks that host cracked software, games, adult videos, and anything of a forbidden nature.
This is likely the reason for the broader scope of the malware, which has moved beyond Facebook Business accounts to harvest browser data, cryptocurrency wallets, and any personal Facebook account data that might be of use, including names, contact emails, phone numbers, and more.
You can’t detect the PHP malware on your disk drive, even though it’s human-readable code because it’s compressed and stored in Base64, then expands in memory before running. Your computer might have plenty of useful PHP scripts in place, so deleting all PHP could be a hasty decision. Instead, you should wait for the latest update to your antivirus software to detect and purge this nasty variant.
As usual, the best way to protect yourself from cybersecurity attacks is to avoid risky behaviors. That means using caution when downloading files from the internet. If something seems too good to be true, it might be a trick to get you to install malware on your computer. Stay alert to keep your accounts, data, and money safe.
