New Delhi, November 26: Cybersecurity researchers have discovered a new version of malware from the "Ducktail" family to steal Facebook Business accounts, a new report has shown. According to the cybersecurity company Kaspersky, cybercriminals are using malicious browser extensions to target company employees who either hold fairly senior positions or work in HR, digital marketing, or social media marketing.

"Their ultimate goal is to hijack Facebook Business accounts, so it makes sense that the attackers are interested in folks most likely to have access to them," the researchers said. Ducktail is a specifically designed information stealer with serious consequences such as privacy violations, financial losses, and identity theft.  Hackers Exploiting 'CitrixBleed' Bug For Mass Cyberattacks Globally: Report.

To hack users' FB accounts, cybercriminals behind Ducktail send out malicious archives to their potential victims that contain bait in the form of theme-based images and video files on a common topic. Inside these archives also include executable files, which contain PDF icons and very long file names to divert the victim’s attention from the exe extension.

Additionally, the names of the fake files appeared to be carefully chosen for relevance so as to persuade the recipients to click on them. In the fashion-themed campaign, the names referred to “guidelines and requirements for candidates”, but other bait like, say, price lists or commercial offers, can be used as well, the report noted.

After first opening the exe file in the hopes that the victim will not notice anything unusual, it displays the contents of a PDF file that the malicious code has embedded in it. Notably, the malware simultaneously scans all desktop shortcuts, the Start menu, and the Quick Launch toolbar. Cryptocurrency Hacking: USD 173 Million Lost in Crypto So Far in November, Hackers Steal Over USD 114 Million From Poloniex Cryptocurrency Exchange.

According to the report, the malware searches for shortcuts to Chromium-based browsers, such as Google Chrome, Microsoft Edge, Vivaldi, and Brave. "Having found one, the malware alters its command line by adding an instruction to install a browser extension, which is also embedded in the executable file," said the researchers.

"Five minutes later, the malicious script terminates the browser process, prompting the user to restart it using one of the modified shortcuts," they added.

(The above story first appeared on LatestLY on Nov 26, 2023 03:22 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website