Social media has long been a favorite haunt for hackers, and Facebook, besides Twitter, is often the first to be victimized. A new campaign analysed by cybersecurity provider WithSecure Intelligence shows that hackers are now targeting Facebook business users to steal sensitive data from their accounts.
Using Facebook’s Meta Business Suite, companies can appoint specific employees to communicate with customers, promote products and services and create ads for FB campaigns.
The latest attack has been christened ‘Ducktail’. In it, cybercriminals look for businesses that use Facebook’s Business/Ads platform and target people in the company who might have high-level, role-based access to the business accounts.
Among the employees targeted in this vicious campaign are ones in management, digital marketing, digital media, and human resources, according to WithSecure.
How does it work?
Hackers deliver malware to unsuspecting potential victims, often through LinkedIn, with the files hosted on cloud-based services such as Dropbox and iCloud. The malware is packaged as an archive file that contains documents, images, and videos with names like “Project Development Plan” and “Project Information”. The files are engineered to lure people into opening them and unleashing the malware.
Once installed, the malware scans for the following browsers: Google Chrome, Microsoft Edge, Brave, and Firefox. For each browser, Ducktail extracts all stored cookies, including any Facebook session cookie.
Using that cookie, the malware then connects with different Facebook endpoints to access information from the user’s Facebook account.
For personal Facebook accounts, the malware seeks to snatch the user’s name, email address, birth date, and user ID. For business accounts, it digs out the name, verification status, ad account limit, owner, role, and names of clients. And for associated Facebook ad accounts, it looks for the name, ID, account status, payment cycle, currency, and amount spent.
Finally, the cyber fraudsters acquire administrator rights and finance editor roles on the victim’s Facebook business account. Once that is done, they can fully control the account and can access and modify credit card information, transactions, invoices, and payment methods.
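The cookie-extraction step described above leaves a recognisable trace for defenders: a process that is not the browser itself opening the cookie stores of several browsers. The following is an added detection sketch, not code from WithSecure or from the original article; the event format, user name, file paths and process names in the sample data are constructed assumptions.

```python
import ntpath
import re

# Windows cookie-store locations for the four browsers the article names,
# paired with the process image that legitimately opens each store.
COOKIE_STORES = [
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I), "chrome.exe"),
    (re.compile(r"\\Microsoft\\Edge\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I), "msedge.exe"),
    (re.compile(r"\\BraveSoftware\\Brave-Browser\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I), "brave.exe"),
    (re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite$", re.I), "firefox.exe"),
]

def owning_browser(path):
    """Return the browser image that owns this cookie store, or None."""
    for pattern, owner in COOKIE_STORES:
        if pattern.search(path):
            return owner
    return None

def suspicious_cookie_reads(events, min_browsers=1):
    """Map each non-browser process to the browsers whose cookie stores it opened."""
    hits = {}
    for ev in events:
        owner = owning_browser(ev["target"])
        proc = ntpath.basename(ev["image"]).lower()
        if owner and proc != owner:
            hits.setdefault(ev["image"], set()).add(owner)
    return {img: sorted(b) for img, b in hits.items() if len(b) >= min_browsers}

# Constructed sample telemetry (hypothetical user, paths and process names).
LOCAL = r"C:\Users\alice\AppData\Local"
PAYLOAD = r"C:\Users\alice\Downloads\sample_payload.exe"
BACKUP = r"C:\Tools\profile_backup.exe"
FF_COOKIES = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default\cookies.sqlite"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": LOCAL + r"\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": PAYLOAD, "target": LOCAL + r"\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": PAYLOAD, "target": LOCAL + r"\Microsoft\Edge\User Data\Default\Network\Cookies"},
    {"image": PAYLOAD, "target": LOCAL + r"\BraveSoftware\Brave-Browser\User Data\Default\Network\Cookies"},
    {"image": PAYLOAD, "target": FF_COOKIES},
    {"image": BACKUP, "target": FF_COOKIES},
    {"image": PAYLOAD, "target": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for image, browsers in suspicious_cookie_reads(SAMPLE_EVENTS, min_browsers=2).items():
        print(image, "read cookie stores of:", ", ".join(browsers))
```

Raising `min_browsers` filters out single-browser tools such as profile backup utilities. The check matches on image name only, so a binary that masquerades under a browser's file name needs a separate path or signature check.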
The Ducktail attack is one of many cyberattacks on social media users, but the first that specifically targets business users.