Facebook Security Undermined By Vietnam-Origin 'DUCKTAIL' Malware, Says Security Firm

Facebook Security Undermined By Vietnam-Origin 'DUCKTAIL' Malware, Says Security Firm

Meta Platforms Inc's META social media platform Facebook is the target of an operation dubbed “DUCKTAIL” conducted by a Vietnamese threat actor.

What Happened: WithSecure, a corporate security spinoff  of F-Secure, said in a statement that the ongoing operation targets individuals and organizations that operate on Facebook’s Business and Ads platform.

Workings Of DUCKTAIL operation — Courtesy WithSecure

DUCKTAIL is an information-stealer malware, which is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the targeted Facebook account and ultimately “hijack” any Facebook Business Account it gains sufficient access to, according to WithSecure.

“Based upon analysis and gathered data, we have determined that the operation is conducted by a Vietnamese threat actor. The chain of evidence suggests that the threat actor’s motives are financially driven,” the corporate security company said.

See Also: How To Buy Meta (Formerly Facebook) Shares

Why It Matters: Investigation by WithSecure revealed that the threat actor has been developing and distributing malware linked to the DUCKTAIL operation since the later half of 2021 but evidence suggests that the actor may have been active as early as late 2018 in the cybercriminal space.

WithSecure said it had shared DUCKTAIL research with Meta, who said they were aware of “these particular scammers.”

Meta said it continued to update its systems to detect these attempts but “because this malware is typically downloaded off-platform, we encourage people to be cautious about what software they install on their devices."

WithSecure said in a detailed brief on the malware that the DUCKTAIL operation was exclusively written in .NET Core. The malware scans victims machines for browsers such as Google Chrome, Microsoft Edge, Brave and Firefox.

The stolen information from personal accounts includes name, email, birthday and User ID. Exfilitration of data was done through Telegram.

Price Action: On Wednesday, Meta shares dropped 4.7% lower to $161.65 in the after-hours trading after closing 6.55% higher at $169.58 in the regular session, according to data from Benzinga Pro.

Read Next: Mark Zuckerberg Doubles Down On Facebook And Instagram's Mutation Into TikTok

Posted In: Consumer TechCybersecuritymalwareNewsSocial MediaTechGeneral