Ducktail

Malware updated 5 months ago (2024-05-04T16:24:07.156Z)
"Ducktail" is malware first observed in 2022 that specifically targets Facebook business accounts. It was discovered by the cybersecurity firm Zscaler and is suspected to originate from threat actors based in Vietnam. Beyond infiltrating systems, Ducktail can automatically create and publish fraudulent ad campaigns, and if it locates a Facebook Business account session cookie it attempts to add the attacker to that account as an administrator. Use of Ducktail in attacks became more pronounced in July, when threat actors began infecting the devices of individuals and employees with access to Facebook Business accounts. These campaigns were not limited to Ducktail: other malware samples, including DarkGate, Lobshot, and Redline, were used alongside it. The same threat actors are believed to be behind NodeStealer, another malware family that targets Facebook business accounts for advertising fraud and for spreading malware to other users on the platform. The emergence of Ducktail and similar malware reflects a growing trend of Vietnamese threat actors exploiting social media platforms for cybercrime, a trend that has escalated to the point where DarkGate is now sold as Malware-as-a-Service (MaaS) on various cybercrime forums. Cybersecurity firms such as WithSecure and Sekoia have published detailed reports on these threats, highlighting their automated nature and the increasing sophistication of contemporary malware.
Description last updated: 2024-05-04T16:23:36.107Z
Aliases: none currently tracked.

Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Facebook, Malware, Infostealer, Meta, Cybercrime, Chrome, Phishing, Kaspersky, Whatsapp, Fraud
Associated Malware

The Darkgate malware is associated with Ducktail. DarkGate is a multifunctional malware known for its capabilities in information and credential stealing, cryptocurrency theft, and ransomware delivery. A recent campaign has seen it exploit a zero-day vulnerability in Microsoft Windows, allowing it to infiltrate systems undetected. DarkGate can be d… (Association type: Unspecified; votes: 5)

The nodestealer malware is associated with Ducktail. NodeStealer, a novel malware family first identified by Meta's security team in January 2023, is designed to exploit Meta's ad network on Facebook and poses a significant threat to user privacy and security. This malicious software operates as an info-stealer capable of hijacking browser cookies and… (Association type: Unspecified; votes: 5)

The Redline malware is associated with Ducktail. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, RedLine can steal personal information, disrupt operations, or deliver further… (Association type: Unspecified; votes: 2)

The Lobshot malware is associated with Ducktail. Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded in… (Association type: Unspecified; votes: 2)

The Redline Stealer malware is associated with Ducktail. RedLine Stealer is a type of malware, malicious software designed to exploit and damage computer systems. It operates by infiltrating the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or ev… (Association type: Unspecified; votes: 2)
Source Document References

Information about the Ducktail malware was read from the documents corpus below (display limited to 20 results). Source links and titles were not preserved; only the publishing source and relative date survive for each entry, all dated "a year ago":

- CERT-EU (15 documents)
- BankInfoSecurity (2 documents)
- Secureworks (1 document)
- Checkpoint (1 document)
- Securityaffairs (1 document)