Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Facebook Security

A Newly Discovered Malware Hijacks Facebook Business Accounts (techcrunch.com) 7

An ongoing cybercriminal operation is targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using a newly discovered data-stealing malware. TechCrunch reports: Researchers at WithSecure, the enterprise spin-off of security giant F-Secure, discovered the ongoing campaign they dubbed Ducktail and found evidence to suggest that a Vietnamese threat actor has been developing and distributing the malware since the latter half of 2021. The firm added that the operations' motives appear to be purely financially driven. The threat actor first scouts targets via LinkedIn where it selects employees likely to have high-level access to Facebook Business accounts, particularly those with the highest level of access. The threat actor then uses social engineering to convince the target to download a file hosted on a legitimate cloud host, like Dropbox or iCloud. While the file features keywords related to brands, products, and project planning in an attempt to appear legitimate, it contains data-stealing malware that WithSecure says is the first malware that they have seen specifically designed to hijack Facebook Business accounts.

Once installed on a victim's system, the Ducktail malware steals browser cookies and hijacks authenticated Facebook sessions to steal information from the victim's Facebook account, including account information, location data, and two-factor authentication codes. The malware also allows the threat actor to hijack any Facebook Business account that the victim has sufficient access to simply by adding their email address to the compromised account, which prompts Facebook to to send a link, via email, to the same email address. The recipient -- in this case, the threat actor -- then interacts with the emailed link to gain access to that Facebook Business. The threat actors then leverage their new privileges to replace the account's set financial details in order to direct payments to their accounts or to run Facebook Ad campaigns using money from the victimized firms.

This discussion has been archived. No new comments can be posted.

A Newly Discovered Malware Hijacks Facebook Business Accounts

Comments Filter:
  • So if a company that hijacks companies has their "customers" hijacked, does that make it right?

    --
    Two wrongs don't make a right, but they make a good excuse. - Thomas Szasz

    • I can see Fecebook coming down on this pretty hard, if there's one thing crooks dislike it's other crooks impinging on their territory.
  • While the file features keywords related to brands, products, and project planning in an attempt to appear legitimate, it contains data-stealing malware that WithSecure says is the first malware that they have seen specifically designed to hijack Facebook Business accounts.

    So once again, a desktop OS has a vulnerability that is exploited. But of course there's no identification of the vulnerable OS(s).... The security industry and tech journalists -should be held- to a standard that requires them to ident

  • Nothing of any useful nature was lost due to it.

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Working...