Skip to main content

This new malware is targeting Facebook accounts – make sure yours is safe

In the ongoing barrage of cyberattacks, Facebook users are being targeted by a new version of the Ducktail malware that originally surfaced in July. The first implementation was specifically aimed at Facebook Business accounts, but it has recently become a more widespread danger.

The latest version of Ducktail collects any and all Facebook data available on an infected computer. If it happens to be a business account, payment methods could be discovered, putting your money at risk. Furthermore, Facebook Business data might include billing information and cycles, which could be used to help disguise unauthorized purchases.

Facebook logo appears with a hooded figure over a cracked blue background.
Image used with permission by copyright holder

An in-depth account of how Ducktail works was shared by Bleeping Computer. The first version relied on a LinkedIn campaign, with hackers posing as marketing and human resources professionals to deliver PHP malware under the guise of useful information. The latest Ducktail is seeded on file-sharing networks that host cracked software, games, adult videos, and anything of a forbidden nature.

This is likely the reason for the broader scope of the malware, which has moved beyond Facebook Business accounts to harvest browser data, cryptocurrency wallets, and any personal Facebook account data that might be of use, including names, contact emails, phone numbers, and more.

You can’t detect the PHP malware on your disk drive, even though it’s human-readable code because it’s compressed and stored in Base64, then expands in memory before running. Your computer might have plenty of useful PHP scripts in place, so deleting all PHP could be a hasty decision. Instead, you should wait for the latest update to your antivirus software to detect and purge this nasty variant.

As usual, the best way to protect yourself from cybersecurity attacks is to avoid risky behaviors. That means using caution when downloading files from the internet. If something seems too good to be true, it might be a trick to get you to install malware on your computer. Stay alert to keep your accounts, data, and money safe.

Editors' Recommendations

Alan Truly
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
Your Facebook account could get multiple profiles for different interests
The Facebook home page on a screen.

Facebook is testing a way to give its users more profiles per account, ostensibly to give users more opportunities for sharing posts and keeping up with the platform's content.

On Thursday, Bloomberg reported that Meta (Facebook's parent company) would begin experimenting with letting some Facebook users generate up to four other profiles in addition to their main account's profile.

Read more
Oh great, new malware lets hackers hijack your Wi-Fi router
The Linksys Hydra 6 dual-band mesh WiFi 6 router.

As if you didn't already have enough to worry about, a new report finds hackers are targeting home Wi-Fi routers to gain access to all your connected devices.

The report comes from Black Lotus Lab, a security division of Lumen Technologies. The report details several observed real-world attacks on small home/home office (SOHO) routers since 2020 when millions of people began working from home at the start of the COVID 19 pandemic.

Read more
The new ways Meta will pay you to make content for Facebook and Instagram
facebook hacked

Creators on Facebook and Instagram will soon have more ways to generate revenue from their content.

On Tuesday, Meta CEO Mark Zuckerberg shared via a Facebook post (and in a series of comments on that post), a few updates on monetization for creators on Facebook and Instagram. These updates included expansions to existing monetization options, as well as a few new ways to make money.

Read more