Ducktail

Malware updated 4 months ago (2024-05-04T16:24:07.156Z)
"Ducktail" is malware first observed in 2022 and specifically designed to target Facebook business accounts. It was discovered by Zscaler, a leading cybersecurity firm, and is suspected to originate from threat actors based in Vietnam. Beyond infiltrating systems, Ducktail can automatically create and publish fraudulent ad campaigns. If it locates a Facebook Business account session cookie, it also attempts to add the attacker to the account as an administrator.

The use of Ducktail in attacks became more pronounced in July, when threat actors began infecting devices of individuals and employees with access to Facebook Business accounts. These attacks were not limited to Ducktail: other malware samples such as DarkGate, Lobshot, and Redline were used in the same campaigns. The same threat actors are believed to be behind NodeStealer, another malware family that targets Facebook business accounts for advertising fraud and for spreading malware to other users on the social media platform.

The emergence of Ducktail and similar malware signifies a growing trend of Vietnamese threat actors exploiting social media platforms for cybercrime. This trend has escalated to the point where DarkGate is now sold as Malware-as-a-Service (MaaS) on various cybercrime forums. Cybersecurity firms such as WithSecure and Sekoia have published detailed reports on these threats, highlighting their automated nature and the increasing sophistication of contemporary malware.
Description last updated: 2024-05-04T16:23:36.107Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Facebook
Malware
Infostealer
Meta
Cybercrime
Chrome
Phishing
Kaspersky
Whatsapp
Fraud
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Darkgate | Unspecified | 5 | DarkGate is a malicious software (malware) designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once embedded in a system, DarkGate can steal personal information, disrupt operations, or hold data for ransom. Recently, the malware was |
| nodestealer | Unspecified | 5 | NodeStealer, a novel malware family first identified by Meta's security team in January 2023, is designed to exploit Meta's ad network on Facebook and poses a significant threat to user privacy and security. This malicious software operates as an info-stealer capable of hijacking browser cookies and |
| Redline | Unspecified | 2 | RedLine is a notorious malware that has been widely used by cybercriminals to steal sensitive information. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can cause significant damage by stealing personal data or disrupting operations. RedLine's conf |
| Lobshot | Unspecified | 2 | Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded in |
| Redline Stealer | Unspecified | 2 | RedLine Stealer is a malicious software (malware) that infiltrates computer systems and devices, often unbeknownst to users. The malware can infect systems through suspicious downloads, emails, or websites, causing significant damage by stealing personal information, disrupting operations, or even h |
Source Document References
Information about the Ducktail Malware was read from the documents corpus below.
| Source | Created | Title |
| --- | --- | --- |
| CERT-EU | a year ago | Vietnamese Hackers Hit Digital Marketers With Info Stealers |
| CERT-EU | a year ago | New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets |
| CERT-EU | 10 months ago | DarkGate Gained Popularity for its Covert Nature and Antivirus Evasion |
| CERT-EU | 10 months ago | DarkGate Internals |
| Secureworks | a year ago | The Growing Threat from Infostealers |
| CERT-EU | 10 months ago | Vietnamese hackers attack UK, US and India with DarkGate malware |
| CERT-EU | 10 months ago | Vietnamese threat actors linked to DarkGate malware campaign |
| CERT-EU | a year ago | Fake Corsair job offers on LinkedIn push DarkGate malware |
| CERT-EU | a year ago | Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware |
| CERT-EU | a year ago | Hackers target US Facebook biz accounts with potent malware cocktail |
| BankInfoSecurity | a year ago | Vietnamese Hackers Hit Digital Marketers With Infostealers |
| CERT-EU | a year ago | DarkGate attacks linked to Vietnam-based cyber criminals – Global Security Mag Online |
| CERT-EU | a year ago | DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals |
| CERT-EU | a year ago | Researchers uncover DarkGate malware's Vietnamese connection - Help Net Security |
| Checkpoint | a year ago | BYOS - Bundle Your Own Stealer - Check Point Research |
| CERT-EU | a year ago | Hackers continue to distribute malware through hacked verified pages on Facebook |
| CERT-EU | a year ago | Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts |
| CERT-EU | a year ago | Python versions of stealer malware discovered targeting Facebook business accounts |
| Securityaffairs | a year ago | Facebook warns of new information-stealing malware NodeStealer |
| BankInfoSecurity | a year ago | Vietnamese Hackers Hit Digital Marketers With Info Stealers |