An advanced PHP variant of the Ducktail malware poses a risk to Facebook users.

On October 13th, 2022, ZScaler, a cloud security firm, published a blog post detailing this latest discovery. The new PHP version is being distributed by “pretending to be a free/cracked program installer.” It also targets numerous platforms, such as Telegram and Microsoft Office applications.

This revised version of the malware uses a PHP script instead of the previously used .Net binary to execute the malware. When the app is installed, the victim is told it is “checking application compatibility.” In reality, two .tmp files are generated. The file then executes two processes to steal data.

The original version of the Ducktail malware was discovered in late 2021. A Vietnamese operator used it to hack into Facebook Business and Ads Manager accounts.

The original strain of Ducktail, as reported by ZScaler, has the ability to steal sensitive financial information and manipulate website content. These cyberattacks were exceptionally well-planned and managed to evade Facebook’s security measures. The attacks targeted high-ranking employees with advanced permissions in a company.

Additionally, the Ducktail malware can attempt to access two-factor authentication codes to bypass extra account security. Ducktail also targets various data, such as client information, email addresses, and payment card information.

Similarly, the PHP variant of Ducktail malware is intent on stealing sensitive data that can be exploited for financial gain. In addition to payment information, this variant of PHP Ducktail malware also targets email addresses, payment records, funding sources, account statuses, and funding records.

Ducktail’s PHP variant and original Ducktail share many similarities, making them a significant threat to Facebook accounts. To enhance the effectiveness of Ducktail’s attacks, Ducktail’s developers are likely to continue developing future versions of their original code. Therefore, users should be vigilant in protecting their account information and be aware of the dangers of this malware.

Related Posts - TKS Blog

TKS Newsletter - 2024 December
Here's our December 2024 Newsletter Read the full PDF version here: The TKS Sentinel - December Issue In this month's edition, we discuss: Ransomware Threats PDF Hijacking ...
Read more
zero trust protections
Zero Trust Cybersecurity: Essential for Keeping Your Data Secure
As cyber threats become increasingly sophisticated, businesses can no longer rely solely on traditional methods to protect their data. Hackers are no longer trying to...
Read more
voice technology options
Harnessing the Power of Voice Technology
Voice technology is quickly becoming one of the most valuable tools for businesses seeking to improve customer interactions, streamline operations, and cut costs. With...
Read more
email security tips
Enhance Your Email Security in 6 Simple Steps
6 Simple Steps to Enhance Your Small Business Email Security Email is one of the most commonly used tools in business today—but it’s also a prime...
Read more

Used with permission from Article Aggregator