Business accounts on Facebook are being hijacked by malware - how to protect yourself

Facebook Ads and Business users and organizations are both being targeted by a new malware strain that can hijack their Facebook accounts. Security researchers from WithSecure, the enterprise spin-off of F-Secure, have discovered a new malware they've dubbed Ducktail.

 Ducktail was initially discovered as unknown malware earlier this year, but secure tracked and analyzed the operation and discovered it has been used in the wild since the second half of 2021.

An info stealer malware component was specifically designed to hack Facebook Business accounts for  Ducktail. with secure says this is the first time such functionality has been added to  Ducktail, which distinguishes it from other malware strains targeting regular Facebook users.

Using browser cookies and authenticated Facebook sessions, the malware targeted Facebook Business accounts of targeted individuals to steal information from their accounts. In line with other cyberattacks targeting business users,  Ducktail's operators scout for potential victims on LinkedIn, a professional networking site.

We select LinkedIn users with high levels of access to Facebook Business accounts, especially those with admin privileges. TechCrunch(opens in new tab) reports that the attackers use social engineering to convince potential victims to download a file hosted on a cloud storage service like Dropbox.

 Ducktail uses saved browser cookies to take over a victim's (or their organization's) Facebook Business account in addition to keywords related to brands, products, and project planning.

In a press release, WithSecure's Mohammad Kazem Hassan Nejad provided further insight on how  Ducktail's operators select targets

'We have observed Ducktail operators carefully selecting a small number of targets to maximize their chances of success. We have observed people with managerial, digital marketing, and digital media roles in companies targeting.'

You wouldn't want your Facebook Business account hacked if you were worried about losing access to your personal account. Small businesses rely on Meta's social network to reach their customers, which is why the Ducktail malware is so concerning.

Similar to other cyberattacks, WithSecure's Nejad recommends exercising caution 'when dealing with attachments or links sent by unfamiliar individuals' on LinkedIn, since  Ducktail's operators are known to use the platform to locate new victims.