A New Ducktail Malware Is Stealing Facebook Credentials

The most recent version of the Ducktail malware is back again to harass Facebook users. Additionally, the threat actors behind this effort are allegedly well-known for stealing private information from millions of users in the largest social media hub, claim cybersecurity analysts. So, here are some things you must avoid and some tips from the security experts you must follow to safeguard yourself against this malware.

A new Ducktail malware

Bleeping Computer first reported the discovery of brand-new PHP malware that steals user data from Facebook. The most recent Ducktail phishing effort also steals browser data and cryptocurrency wallets. For those unaware, the WithSecure cybersecurity team made the initial discovery of the Ducktail virus in July 2022. The experts thought that an unidentified group of Vietnamese hackers was in charge of this campaign. Additionally, the malware's earlier iteration was written in NetCore. Usually, it targets individuals who joined Facebook groups, especially on the Ads and Business platform. However, the updated Ducktail malware has a broader reach because it now targets more frequent users of the social media network rather than simply Facebook Business users. According to the Zscaler cybersecurity company, the new Ducktail collects personal information from the victims, including their PayPal addresses, user payment methods, and more. Furthermore, Zscaler also said in a blog post, "It seems that the threat actors behind the Ducktail stealer campaign are continuously making changes or enhancement in the delivery mechanisms and approach to steal a wide variety of sensitive user and system information targeting users at large. Zscaler's ThreatLabz team is continuously monitoring the campaign and will bring to light any new findings that it will come across."

Avoid using ZIP files

The experts caution Facebook users to be on the lookout for dubious links that encourage them to download contaminated ZIP files. They say that these cracked documents often contain pirated versions of various media, including movies, games, and apps. Moreover, according to Zscaler, the Ducktail infostealer malware might show up as pop-up ads on your browser. In addition, avoid it at all costs if it says "Checking Application Compatibility." Previously, the threat actors sent the victim's data from the PC to Telegram. However, by storing the data in a JSON website, they have already enhanced data storage. Also, Read- Microsoft’s Outdated Driver List Exposed Windows PCs to Malware Attacks

How to protect yourself from Ducktail malware

With careful browsing, you can avoid the new Ducktail malware version. Also, avoid attempting to download pirated software and apps from arbitrary websites to protect yourself from this cyber hazard. Also, you shouldn't save your passwords in your browser because it steals them too. In addition, for more security, you can start using a reputable password manager. Also, Read- Malware That Deactivates Antivirus Software Lastly, to strengthen their defense against this risky malware type, Digital Trends advises users to utilize an updated antivirus program.