• New malware strain bypasses Facebook authentication to hijack bus

    From TechnologyDaily@1337:1/100 to All on Wed Jul 27 12:45:03 2022
    New malware strain bypasses Facebook authentication to hijack business accounts

    Date:
    Wed, 27 Jul 2022 11:19:04 +0000

    Description:
    Threat actors are hijacking Facebook cookies to access business accounts, and use credit cards to fund ad campaigns

    FULL STORY ======================================================================

    Hackers are on the hunt for Facebook Business accounts to hijack and use the credit cards linked to those accounts to fund their own ad campaigns.

    Security experts at WithSecure have uncovered criminals using information-stealer malware to target individuals and employees who may have access to a Facebook Business account.

    The researchers dubbed the malware DUCKTAIL, and believe a Vietnamese threat actor is running the show. The modus operandi is relatively simple: they'll first look for businesses that are buying ads on Facebook, and then try to guess who from that company might have access to its Facebook Business account.

    Managers in the crosshairs

    Most of the time, they'll target either managers, or people working in the marketing department.

    "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to," WithSecure said in its report.

    "We have observed individuals with managerial, digital marketing, digital media, and human resources roles in companies to have been targeted," it added. After identifying the target, the threat actor will engage in social engineering and phishing, until they manage to deploy infostealers on the victim's endpoints.

    The malware was said to have been coded using .NET Core, and once installed, it scans the target's browser for Facebook session cookies. If found, the malware directly interacts with various Facebook endpoints from the victim's machine using the Facebook session cookie (and other security credentials that it obtains through the initial session cookie) to extract information from the victim's Facebook account.

    With the session cookies, the threat actors are able to fully take over the victim's account, and use the credit card linked to that account to fund ads that other businesses run.

    Apparently, the threat actors have been tweaking DUCKTAIL for years, helping it avoid any new security measures installed by the social network.

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/new-malware-strain-bypasses-facebook-authentication-to-hijack-business-accounts/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)