"New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts"

According to Zscaler's latest findings, a PHP version of the information-stealing malware Ducktail has been discovered in the wild and is being distributed in the form of cracked installers for legitimate apps and games. Like the older .NET Core versions, the latest PHP version aims to exfiltrate sensitive information such as saved browser credentials, Facebook account information, and more. Ducktail, which first appeared on the threat landscape in late 2021, is attributed to an unidentified Vietnamese threat actor and is primarily designed to hijack Facebook business and advertising accounts. The financially motivated cybercriminal operation was first documented in late July 2022 by the Finnish cybersecurity company WithSecure (formerly F-Secure). Although previous versions of the malware were found to use Telegram as a command-and-control (C2) channel to exfiltrate data, the PHP variant discovered in August 2022 connects to a newly hosted website to store the data in JSON format. This article continues to discuss findings regarding the new PHP version of Ducktail malware.

THN reports "New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts"

Submitted by Anonymous on