Ducktail

Malware Profile Updated 24 days ago
Ducktail is malware first observed in 2022 that specifically targets Facebook Business accounts. The malware was discovered by Zscaler, a leading cybersecurity firm, and is suspected to originate from threat actors based in Vietnam. Ducktail not only infiltrates systems but can also automatically create and publish fraudulent ad campaigns. If Ducktail locates a Facebook Business account session cookie, it attempts to add the attacker to the account as an administrator. Use of Ducktail in attacks became more pronounced in July, when threat actors began infecting the devices of individuals and employees with access to Facebook Business accounts. These attacks were not limited to Ducktail: other malware such as DarkGate, Lobshot, and Redline was used in the same campaigns. The same threat actors are believed to be behind NodeStealer, another malware that targets Facebook Business accounts for advertising fraud and for spreading malware to other users of the platform. The emergence of Ducktail and similar malware signals a growing trend of Vietnamese threat actors exploiting social media platforms for cybercrime; the trend has escalated to the point where DarkGate is now sold as Malware-as-a-Service (MaaS) on various cybercrime forums. Cybersecurity firms such as WithSecure and Sekoia have published detailed reports on these threats, highlighting their automated nature and the increasing sophistication of contemporary malware.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could help in assessing relevance
Facebook
Malware
Infostealer
Meta
Cybercrime
Chrome
Phishing
Kaspersky
Whatsapp
Fraud
Associated Malware
ID (Type, Votes): Profile Description
Darkgate (Unspecified, 5 votes): DarkGate is a form of malware that has been causing significant issues in recent times. This malicious software, designed to exploit and damage computer systems, infiltrates devices through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal inf
nodestealer (Unspecified, 5 votes): NodeStealer, a novel malware family first identified by Meta's security team in January 2023, is designed to exploit Meta's ad network on Facebook and poses a significant threat to user privacy and security. This malicious software operates as an info-stealer capable of hijacking browser cookies and
Redline (Unspecified, 2 votes): RedLine is a notorious malware, discovered in March 2020, that has been used extensively by threat actors to export personal information such as credentials, cryptocurrency wallets, and financial data to its command-and-control infrastructure. The malware infiltrates systems via suspicious downloads
Lobshot (Unspecified, 2 votes): Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded in
Redline Stealer (Unspecified, 2 votes): RedLine Stealer is a type of malware that infiltrates systems to exfiltrate sensitive data. This malicious software, often delivered through suspicious downloads, emails, or websites, can disrupt operations, steal personal information, or even hold data for ransom. A packet capture (pcap) analysis f
Associated Threat Actors
ID (Type, Votes): Profile Description
No associations to display
Associated Vulnerabilities
ID (Type, Votes): Profile Description
No associations to display
Source Document References
Information about the Ducktail malware was read from the document corpus below. This display is limited to 20 results.
Source (Created At): Title
Yori (a year ago): DuckTail: Dissecting a complex infection chain started from social engineering - Yoroi
CSO Online (a year ago): Malware disguised as ChatGPT apps are being used to lure victims, Meta says
CERT-EU (a year ago): Ducktail Operation - Hackers May Steal Your Credentials From Web Browser
InfoSecurity-magazine (a year ago): Meta Tackles Malware Posing as ChatGPT in Persistent Campaigns
DARKReading (6 months ago): Ducktail Malware Targets the Fashion Industry
CERT-EU (9 months ago): Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
CERT-EU (6 months ago): How Ducktail steals Facebook accounts
Securelist (7 months ago): Ducktail malware spreading through fake clothing job ads
CERT-EU (a year ago): Hackers are increasingly using ChatGPT lures to spread malware on Facebook | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
Securityaffairs (7 months ago): Vietnamese threat actors linked to DarkGate malware campaign
DARKReading (7 months ago): Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
Unit42 (10 months ago): NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts
InfoSecurity-magazine (7 months ago): DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals
Secureworks (a year ago): The Growing Threat from Infostealers
CERT-EU (9 months ago): Exploring the Inner Workings of DuckTail - Cyber Security Review
CERT-EU (10 months ago): Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts
BankInfoSecurity (7 months ago): Vietnamese Hackers Hit Digital Marketers With Infostealers
BankInfoSecurity (7 months ago): Vietnamese Hackers Hit Digital Marketers With Info Stealers
CERT-EU (7 months ago): Vietnamese Hackers Hit Digital Marketers With Info Stealers
Malwarebytes (a year ago): Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts