A #malware (whose name I just can't remember) at:

http://hedam[.]shop/simple/Enquiry.7z

maybe #ducktail?

https://app.any.run/tasks/f8d6b4fc-637e-41a2-9470-29a7dba37c05

Analysis Enquiry.exe (MD5: 52A5DC40D2942D6776A15366797AC5A6) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most types of threats in any environment. No installation and no waiting necessary.

🌊🏴‍☠️ Dive into the digital depths with our latest blog on Ducktail malware. Learn how this cyber pirate targets Facebook accounts and how to stay safe. 🛡️💻 #CyberSecurity #Ducktail #CyberPirate #stealer 🔗 https://cybercorsair.blogspot.com/2023/11/sailing-cyber-seas-navigating.html
SAILING THE CYBER SEAS: "Navigating the Treacherous Waters of Ducktail Malware"

Explore the perilous journey of Ducktail malware in the cyber seas, a digital pirate threat targeting Facebook business accounts.

#DarkGate gained popularity among threat actors (e.g. #TA577, #DuckTail). Our #RE analysis details the internals of the malware and how it implements techniques to evade defenses: Union-API, token theft via UpdateProcThreadAttribute, APC injection.

https://blog.sekoia.io/darkgate-internals/

DarkGate Internals

Introduction & Objectives DarkGate is sold as Malware-as-a-Service (MaaS) on various cybercrime forums by RastaFarEye persona, in the past months it has been used by multiple threat actors such as TA577 and Ducktail. DarkGate is a loader with RAT capabilities developed in Delphi with modules developed in C++, which gained notoriety in the second half […]

Sekoia.io Blog

DUCKTAIL Malware Employs LinkedIn Messages to Execute Attacks

It is hidden in PDF attachments with links to malware websites, so the old advice still stands: "DO NOT click on links" 🤷‍♂️

#malware #LinkedIn #ducktail

https://gbhackers.com/ducktail-malware-linkedin/

LinkedIn messages were used as a way to launch identity theft attacks in a malicious…

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Anyone interested in learning more about #DUCKTAIL can read the research into this #malware and operation here --> https://labs.withsecure.com/publications/ducktail-returns

and here -->
https://labs.withsecure.com/publications/ducktail-returns

DUCKTAIL returns: Underneath the ruffled feathers | WithSecure™ Labs

In short, the operation consists of an information stealer malware that is delivered to targeted victims that primarily operate in the digital marketing and advertisement space.

Last year, our Mohammad Kazem Hassan Nejad discovered #DUCKTAIL--malware used by a Vietnam-based threat actor to hijack Facebook Business accounts.

Meta has announced a cease-and-desist letter to the operators, & added new Business security features. https://engineering.fb.com/2023/05/03/security/malware-nodestealer-ducktail/

The malware threat landscape: NodeStealer, DuckTail, and more

We’re sharing our latest research and analysis into malware campaigns that are targeting online businesses — including newer malware posing as AI tools.

Engineering at Meta

On today’s show (releases at 4pm PT):
🚨 The #Ducktail #malware that hacks #Meta ad accounts
🍪 #Pinterest's "clean room"
💼 Twitter fires ad platform engineers
🛒 Online shopping hits new record
💤 The TikTok feature none of us wanted (but probably all of us need)
https://todayindigital.com/

#marketing #marketingnews #retail #adagency #agencylife #advertising #ads #mediabuying #business

Digital Marketing Podcast — Today in Digital Marketing (daily)

A fast-paced daily 10-minute marketing news podcast covering everything you missed in the world of digital marketing, e-commerce, and social media that day. And nothing else. Hosted by Tod Maffin.

The Ducktail malware can bypass two-factor authentication, hack into your Meta ad accounts, and start spending millions of dollars on your company's (or client's) credit card.

#ducktail #metaads #mediabuying #facebookads

https://www.linkedin.com/pulse/terrifying-malware-targeting-meta-ad-accounts-tod-maffin

The Terrifying Malware Targeting Meta Ad Accounts

It is the malware that's terrifying digital marketers. It's called Ducktail — and, with a pinch of social engineering, it can get into your Meta ad accounts and start spending millions of dollars on your company's credit card.

Ducktail information stealer continues to evolve

The operators behind the Ducktail information stealer continue to improve their malicious code, experts warn. In late July 2022, researchers from WithSecure (formerly F-Secure Business) discovered an ongoing operation, named DUCKTAIL, that was targeting individuals and organizations that operate on Facebook’s Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated […]

Security Affairs