DUCKTAIL Malware Targets High-Profile Facebook Accounts
DUCKTAIL is the name of a highly specialized piece of malware that targets Facebook Business accounts for the purpose of exploitation.
DUCKTAIL is believed to be linked with a criminal outfit operating out of Vietnam. All campaigns observed using the malware since 2021 have been very specific and highly targeted.
The purpose of DUCKTAIL is to compromise the account of a person who has a high level of control and privileged access to a Facebook Business account. This usually includes the finance editor of the account or its admin.
The malware can scrape information about Facebook sessions stored in cookies and use this to compromise the account. DUCKTAIL has a module that can check if the account in question has multi-factor authentication enabled and if it is on, the malware attempts to grab the recovery codes for it.
Once the account is cracked open, the malware operators can change the account email with one they control and essentially take over the whole account.
This sort of privacy leak can lead to massive damages for bigger entities, the sort that the malware is usually targeting.