Cybercriminals are continuously finding innovative ways to target Facebook Business accounts, which are essential for a company’s social media presence. These criminals employ sophisticated malware, such as the Ducktail family, to hijack the accounts of employees in senior positions, HR, digital marketing, and social media marketing.

To perpetrate their schemes, cybercriminals disguise malware as archives and send them to potential victims. To avoid raising suspicion, these archives contain theme-based images and video files related to popular topics. Recently, a campaign was discovered using the names of renowned fashion industry players, luring victims with clothing photos within these archives.

Malicious actors frequently employ deceptive techniques to mask the malware. They hide executable files behind PDF icons and assign them extremely long names, making it difficult for users to recognize the EXE extension easily. Moreover, file names are chosen carefully to match user interests and provoke clicks. Once the disguised files are opened, a malicious script is activated on the targeted device. This script displays contents seemingly from a PDF file embedded in the malware code. However, the true intent of the script is to scan shortcuts on the desktop, Start menu, and Quick Launch toolbar for Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Vivaldi.

Once the malware detects these browsers, the browser's command line is altered to install a browser extension, which is part of the disguised PDF file. These installed extensions can monitor all tabs opened by the user. Specifically, the malicious extension searches for ads and business accounts linked to Facebook. When it discovers a Facebook-associated address, the information is promptly sent back to the cybercriminals.

The stolen data includes active Facebook accounts and session cookies stored in the browser. By exploiting this information, cybercriminals can gain unauthorized access to targeted Facebook Business accounts, effectively hijacking them.
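The altered browser command line described above can be checked for on endpoints. The following is an added example, not code from the article or from any vendor report: it assumes the alteration uses Chromium's `--load-extension` switch (the article does not name the switch) and that you have already exported browser launch command lines, for instance from shortcut targets or process-creation logs. The sample lines are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

# Executable names of the Chromium-based browsers the article lists.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "vivaldi.exe"}

# Leading executable path, quoted or not, up to the first ".exe".
EXE_RE = re.compile(r'^\s*"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)
# Chromium switch that loads unpacked extensions from a comma-separated
# list of directories (assumed to be what the malware appends).
EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def audit_command_line(cmd):
    """Return (browser, [extension dirs]) when cmd starts a listed browser
    with side-loaded extensions, otherwise None."""
    exe = EXE_RE.match(cmd)
    if not exe:
        return None
    browser = basename(exe.group(1)).lower()
    if browser not in BROWSERS:
        return None
    dirs = []
    for quoted, bare in EXT_RE.findall(cmd):
        dirs += [d.strip() for d in (quoted or bare).split(",") if d.strip()]
    return (browser, dirs) if dirs else None


def audit(commands):
    """Return a finding for every command line that side-loads an extension."""
    hits = (audit_command_line(c) for c in commands)
    return [h for h in hits if h is not None]


# Constructed sample input: a clean shortcut, a tampered one, a non-browser
# process, and a browser given two extension directories.
SAMPLE = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
    r'--profile-directory="Default" '
    r'--load-extension="C:\Users\alice\AppData\Local\Temp\ext"',
    r'C:\Windows\System32\notepad.exe --load-extension=C:\x',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
    r'--load-extension=C:\Users\Public\a,C:\Users\Public\b',
]

if __name__ == "__main__":
    for browser, dirs in audit(SAMPLE):
        print(f"{browser}: side-loaded extension(s) from {dirs}")
```

Extension developers also launch browsers this way, so a hit on a non-developer workstation is what deserves follow-up, starting with the contents of the reported directory.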

Frequently Asked Questions (FAQ)

1. How can I protect my business accounts from malware?

To safeguard your business accounts, you should refrain from downloading suspicious archives from unknown sources onto your work computers. Avoid clicking on files with EXE extensions, especially when they display icons of other file types, such as documents or images. It’s important to verify the file extensions of all downloads before opening them. Stay vigilant and regularly check your browser extensions for any suspicious additions.

2. Is there fool-proof protection against malware attacks?

While it’s challenging to guarantee absolute protection, you can minimize the risk by practicing good internet hygiene and staying informed about the latest methods employed by cybercriminals. By following these preventative measures, you can enhance the security of your business accounts and reduce the chances of falling victim to malware attacks.