This new malware is targeting Facebook accounts – make sure yours is safe

In the ongoing barrage of cyberattacks, Facebook users are being targeted by a new version of the Ducktail malware that originally surfaced in July. The first implementation was specifically aimed at Facebook Business accounts, but it has recently become a more widespread danger.

The latest version of Ducktail collects any and all Facebook data available on an infected computer. If it happens to be a business account, payment methods could be discovered, putting your money at risk. Furthermore, Facebook Business data might include billing information and cycles, which could be used to help disguise unauthorized purchases.

An in-depth account of how Ducktail works was shared by Bleeping Computer. The first version relied on a LinkedIn campaign, with hackers posing as marketing and human resources professionals to deliver PHP malware under the guise of useful information. The latest Ducktail is seeded on file-sharing networks that host cracked software, games, adult videos, and anything of a forbidden nature.

This is likely the reason for the broader scope of the malware, which has moved beyond Facebook Business accounts to harvest browser data, cryptocurrency wallets, and any personal Facebook account data that might be of use, including names, contact emails, phone numbers, and more.

You can’t detect the PHP malware on your disk drive, even though it’s human-readable code, because it’s compressed and stored in Base64, then expanded in memory before running. Your computer might have plenty of useful PHP scripts in place, so deleting all PHP could be a hasty decision. Instead, you should wait for the latest update to your antivirus software to detect and purge this nasty variant.
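To show why a keyword search over the file finds nothing readable, and how a scanner gets past that layer, here is an added example (not from the article, Bleeping Computer, or any Ducktail sample) that finds long Base64 literals in PHP source and reports the ones that inflate. The 120-character threshold, the three compression formats tried, the marker strings and both sample files are assumptions constructed for the illustration.

```python
import base64, binascii, re, zlib

# Base64 runs of 120+ characters; the threshold is an assumed triage cutoff.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{120,}")
# zlib wbits values: 15 = zlib stream, 31 = gzip, -15 = raw deflate (assumed formats).
WBITS = {"zlib": 15, "gzip": 31, "raw-deflate": -15}
PHP_MARKERS = (b"<?php", b"function ", b"eval(")  # assumed hints that the output is code

def inflate(blob, limit=1 << 20):
    """Return (format, data) if blob is a complete compressed stream, else None."""
    for name, wbits in WBITS.items():
        d = zlib.decompressobj(wbits)
        try:
            out = d.decompress(blob, limit)  # cap output so a decompression bomb cannot exhaust memory
        except zlib.error:
            continue
        if d.eof or len(out) == limit:
            return name, out
    return None

def scan_php_source(text):
    """List Base64 literals in PHP source that decode and then inflate."""
    findings = []
    for m in B64_RUN.finditer(text):
        run = m.group()
        try:
            # The regex drops '=' padding, so restore it before decoding.
            raw = base64.b64decode(run + "=" * (-len(run) % 4))
        except binascii.Error:
            continue
        hit = inflate(raw)
        if hit:
            fmt, data = hit
            findings.append({"offset": m.start(), "format": fmt,
                             "inflated_bytes": len(data),
                             "php_like": any(k in data for k in PHP_MARKERS)})
    return findings

# Constructed samples: a harmless script stored compressed and Base64-encoded,
# and a file that carries an uncompressed binary blob as Base64.
INNER = "<?php\n" + "".join(f"$v{i} = '{i * 7919}';\n" for i in range(60))
SAMPLE_PACKED = "<?php $data = '%s'; ?>" % base64.b64encode(zlib.compress(INNER.encode())).decode()
SAMPLE_PLAIN = "<?php $icon = '%s'; ?>" % base64.b64encode(bytes(range(256)) * 2).decode()

if __name__ == "__main__":
    for name, src in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(name, scan_php_source(src))
```

A hit is a reason to look closer, not a verdict: legitimate PHP applications also ship compressed Base64 resources.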

As usual, the best way to protect yourself from cybersecurity attacks is to avoid risky behaviors. That means using caution when downloading files from the internet. If something seems too good to be true, it might be a trick to get you to install malware on your computer. Stay alert to keep your accounts, data, and money safe.

Alan Truly
Computing Writer
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…