In the continuing barrage of cyber attacks, Facebook users are being targeted by a new version of Ducktail malware that originally appeared in July. The first version specifically targeted Facebook Business accounts, but it has recently become a more widespread danger.
The latest version of Ducktail collects any and all Facebook data available on an infected computer. If it turns out to be a business account, payment methods could be discovered, putting your money at risk. Additionally, Facebook Business data may include billing information and cycles, which could be used to help disguise unauthorized purchases.
An in-depth account of how Ducktail works was shared by BleepingComputer. The first version was based on a LinkedIn campaign, with hackers posing as marketing and human resources professionals to deliver PHP malware under the guise of useful information. The latest Ducktail is seeded on file-sharing networks that host cracked software, games, adult videos, and anything of a prohibited nature.
This is likely the reason for the broader reach of the malware, which has moved beyond business Facebook accounts to collect browser data, cryptocurrency wallets, and any personal Facebook account data that might be useful, including names, contact emails, phone numbers and more.
Antivirus software cannot detect the PHP malware on your drive, even though it is human-readable code, because it is compressed and stored in Base64, then expanded in memory before being executed. Your computer may have many useful PHP scripts in place, so removing all PHP might be a hasty decision. Instead, you have to wait for the latest update of your antivirus software to detect and purge this nasty variant.
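The packing described above (a script compressed, stored as Base64, and inflated only in memory) still leaves a recognizable shape on disk. As an added example, not code from the article or from any antivirus product, this Python triage heuristic flags long Base64 runs that decode to zlib, gzip or raw-deflate data; the thresholds, function names and sample strings are constructed assumptions.

```python
import base64
import binascii
import re
import zlib

MIN_RUN = 64        # assumed minimum Base64 run length worth decoding
MAX_OUT = 1 << 20   # cap inflated output so a crafted blob cannot exhaust memory
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_RUN)

def try_inflate(blob):
    """Return inflated bytes if blob is a zlib, gzip or raw-deflate stream, else None."""
    for wbits in (15, 31, -15):              # zlib, gzip, raw deflate
        d = zlib.decompressobj(wbits)
        try:
            out = d.decompress(blob, MAX_OUT)
        except zlib.error:
            continue
        if d.eof or len(out) == MAX_OUT:     # complete stream, or output hit the cap
            return out
    return None

def scan(data):
    """Return one finding per Base64 run in data that decodes to compressed content."""
    findings = []
    for m in B64_RUN.finditer(data):
        try:
            blob = base64.b64decode(m.group(), validate=True)
        except binascii.Error:
            continue                         # not well-formed Base64
        inflated = try_inflate(blob)
        if inflated is not None:
            findings.append({"offset": m.start(),
                             "encoded_len": len(m.group()),
                             "inflated_len": len(inflated),
                             "preview": inflated[:40]})
    return findings

# Constructed samples: harmless text packed the way the article describes, and a control
# whose Base64 string decodes to ordinary uncompressed text.
PAYLOAD = "\n".join(f"echo 'constructed harmless line {i}';" for i in range(60)).encode()
PACKED = b"<?php $c = '" + base64.b64encode(zlib.compress(PAYLOAD)) + b"'; ?>"
CONTROL = (b"<?php $c = '"
           + base64.b64encode(b"plain configuration text, not compressed. " * 10)
           + b"'; ?>")

if __name__ == "__main__":
    for name, sample in (("packed", PACKED), ("control", CONTROL)):
        print(name, scan(sample))
```

Legitimate software also embeds compressed Base64 data, so a hit marks a file for closer inspection rather than identifying it as malware.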
As usual, the best way to protect yourself from cybersecurity attacks is to avoid risky behavior. That means being careful when downloading files from the Internet. If something seems too good to be true, it could be a trick to install malware on your computer. Stay vigilant to keep your accounts, data, and money safe.