[MART] - Daily Diary #561 - DuckTail Info Stealer

CTAS-MAT ctas-mat at appgate.com
Wed Jul 27 19:33:25 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

07/27/2022 - Diary entry #561:

Today, we are going to cover a recently disclosed info stealer named DuckTail.

DuckTail is an info-stealing operation that targets Facebook’s business and Ads accounts. Its goal is to steal browser cookies and take control of authenticated Facebook sessions to steal information from the victim's account and get access to any other Facebook Business accounts.

To approach their targets, the threat actors contacted some of their victims via LinkedIn, where it’s easier to know which employee has access to the company’s business account. Then, the threat actors sent a link to download the info stealer payload, a .NET malware. Finally, all the exfiltrated data is sent to a Telegram channel that serves as Command & Control.

DuckTail is an example of an operation that targets a specific service, suggesting that the threat actors are focused on committing scams related to Business accounts that could potentially cause more damage.

Kind Regards,

Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
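
Added example, not part of the original email or of Appgate's analysis: a detection sketch for the behaviour the diary entry describes, a non-browser process reading a browser cookie store and then contacting Telegram. The event schema, process names, cookie-store file names, the use of `api.telegram.org` as the Telegram endpoint and the sample telemetry are all assumptions constructed for illustration.

```python
import re

# Assumptions (not from the diary entry): event schema, browser process names,
# cookie-store file names, and api.telegram.org as the Telegram endpoint.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
COOKIE_STORE = re.compile(r"(\\Network\\Cookies|\\cookies\.sqlite)$", re.IGNORECASE)
TELEGRAM_HOSTS = {"api.telegram.org"}


def find_cookie_exfil(events, window=300):
    """Return alerts for non-browser processes that read a browser cookie
    store and then connect to Telegram within `window` seconds."""
    last_read = {}  # (host, process) -> (timestamp, path) of latest cookie read
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        proc = ev["process"].lower()
        if proc in BROWSERS:
            continue  # browsers legitimately open their own cookie stores
        key = (ev["host"], proc)
        if ev["type"] == "file_read" and COOKIE_STORE.search(ev["target"]):
            last_read[key] = (ev["ts"], ev["target"])
        elif ev["type"] == "net_connect" and ev["target"].lower() in TELEGRAM_HOSTS:
            read = last_read.get(key)
            if read and ev["ts"] - read[0] <= window:
                alerts.append({"host": ev["host"], "process": proc,
                               "cookie_store": read[1], "connect_ts": ev["ts"]})
    return alerts


# Constructed sample telemetry (hosts, users and process names are made up).
CHROME = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"
FIREFOX = r"C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\cookies.sqlite"
SAMPLE = [
    {"ts": 100, "host": "WS-01", "process": "chrome.exe", "type": "file_read", "target": CHROME},
    {"ts": 200, "host": "WS-01", "process": "invoice_viewer.exe", "type": "file_read", "target": CHROME},
    {"ts": 230, "host": "WS-01", "process": "invoice_viewer.exe", "type": "net_connect", "target": "api.telegram.org"},
    {"ts": 300, "host": "WS-02", "process": "notifier.exe", "type": "net_connect", "target": "api.telegram.org"},
    {"ts": 100, "host": "WS-03", "process": "backup.exe", "type": "file_read", "target": FIREFOX},
    {"ts": 1000, "host": "WS-03", "process": "backup.exe", "type": "net_connect", "target": "api.telegram.org"},
]

if __name__ == "__main__":
    for alert in find_cookie_exfil(SAMPLE):
        print(alert)
```

With the default five-minute window only the `invoice_viewer.exe` sequence on WS-01 is flagged; the Telegram connection without a prior cookie read and the read followed by a much later connection are not.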

