A Look Into DuckTail
DuckTail is an operation run by multiple Vietnam-based threat actors who target social media business accounts, particularly those belonging to digital marketers. The malware steals saved session cookies from browsers and is primarily spread on LinkedIn through fake job descriptions and recruiter profiles. DuckTail targets Facebook and TikTok business accounts and Google ad accounts; the stolen accounts feed an underground economy in which they are traded in Vietnamese Telegram groups.

Key takeaways from the article:

1. DuckTail threat actors primarily target users working in the digital marketing and advertising space.
2. They target Facebook and TikTok business accounts, and Google ad accounts.
3. Social engineering through LinkedIn messaging is their primary distribution vector.
4. DuckTail continues to expand the list of cloud services abused for hosting and distributing payloads.
5. They exploit the popularity of generative AI platforms, such as ChatGPT and Google Bard AI, to lure victims into installing malicious software.
6. DuckTail threat actors use private residential proxy services to log in to compromised social media business accounts so that the logins do not trigger security alerts.

To limit the impact of a compromised account, the article recommends managing saved payment methods in business ad accounts and making use of safeguards such as daily spending limits and payment thresholds.

Malware: Ducktail
[View Article](https://www.zscaler.com/blogs/security-research/look-ducktail)
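The summary above notes that the malware steals saved session cookies from browsers. The following is an added hunting example, not code from the Zscaler write-up or from the DuckTail samples it describes: a minimal rule run over constructed file-access events that flags any process other than a known browser opening a browser cookie store. It assumes Chromium-family browsers keep cookies in a profile's `Network/Cookies` (older builds: `Cookies`) SQLite file and Firefox in `cookies.sqlite`; the process allowlist and the sample events are assumptions made up for illustration.

```python
"""Flag non-browser processes that read browser cookie stores.

Added example, not from the Zscaler article or the DuckTail malware.
Assumes Chromium-family browsers store cookies in "<profile>/Network/Cookies"
(or "<profile>/Cookies" in older builds) and Firefox in "cookies.sqlite".
The event records below are constructed for illustration.
"""
import re

# Processes expected to open their own cookie stores (assumed allowlist;
# extend with the browsers deployed in your environment).
BROWSER_PROCESSES = {
    "chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe",
    "chrome", "chromium", "brave", "firefox",
}

# Cookie store file names, matched case-insensitively at the end of the path.
# "Cookies-journal" and similar sidecar files are deliberately not matched.
COOKIE_STORE_RE = re.compile(
    r"(?:[\\/]network)?[\\/]cookies$|[\\/]cookies\.sqlite$", re.IGNORECASE
)


def is_cookie_store(path: str) -> bool:
    """True if the path points at a known browser cookie database."""
    return bool(COOKIE_STORE_RE.search(path.strip()))


def basename(image_path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX image path."""
    return image_path.rsplit("\\", 1)[-1].rsplit("/", 1)[-1].lower()


def find_cookie_theft(events):
    """Return file-access events where a non-browser process touched a cookie store.

    Each event is a dict with at least "process" (image path) and "path"
    (file opened). Browser processes reading their own stores are ignored.
    """
    hits = []
    for ev in events:
        if is_cookie_store(ev["path"]) and basename(ev["process"]) not in BROWSER_PROCESSES:
            hits.append(ev)
    return hits


# Constructed sample telemetry (file-open events); not real incident data.
SAMPLE_EVENTS = [
    {"ts": "2023-05-02T09:14:03Z",
     "process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"ts": "2023-05-02T09:16:41Z",
     "process": r"C:\Users\mkt\AppData\Local\Temp\Brand_Guidelines_2023\Setup.exe",
     "path": r"C:\Users\mkt\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"ts": "2023-05-02T09:17:02Z",
     "process": r"C:\Windows\System32\notepad.exe",
     "path": r"C:\Users\mkt\Documents\notes.txt"},
    {"ts": "2023-05-02T09:17:15Z",
     "process": r"C:\Users\mkt\AppData\Roaming\Updater\updater.exe",
     "path": r"C:\Users\mkt\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2.default-release\cookies.sqlite"},
    {"ts": "2023-05-02T09:20:55Z",
     "process": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "path": r"C:\Users\mkt\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2.default-release\cookies.sqlite"},
]


if __name__ == "__main__":
    for hit in find_cookie_theft(SAMPLE_EVENTS):
        print(f"{hit['ts']} {basename(hit['process'])} read {hit['path']}")
```

Run against the constructed events, the rule reports the two non-browser processes (`Setup.exe` and `updater.exe`) and ignores the browsers' own reads. In a real deployment, feed it file-open telemetry from an EDR or Sysmon and expect some tuning: backup agents and browser updaters legitimately touch these files, so add them to the allowlist rather than widening the regex.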