Over the past year, a group of attackers has targeted Facebook business account owners by spreading information-stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP.

"We have seen SYS01stealer attacking critical government infrastructure employees, manufacturing companies, and other industries," researchers from security firm Morphisec said in a new report. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information."

This campaign has also been reported in the past by researchers from Zscaler, who attributed it to DUCKTAIL, a Vietnam-based hacker group that similarly specializes in infiltrating Facebook business accounts. However, the Morphisec researchers believe this attribution is wrong. The DUCKTAIL attacks, which have been going on since 2021, seem to be more targeted and sophisticated with the end goal of abusing the […]