Fake jobs on Upwork and Freelancer as a means of distributing malware.
Cybersecurity specialists from WithSecure and Zscaler ThreatLabZ report a growing threat from a Vietnamese cybercrime syndicate that actively uses Facebook advertising campaigns to distribute malware.
According to experts, scammers have long used fake ads to spread scams and malware. With the advent of social networks and their active use by businesses for advertising, attackers have a new and profitable method of attack: hijacking business accounts.
The problem has become particularly acute over the past year on Facebook. Both ordinary users and business account owners are exposed to attacks. Groups from Vietnam such as Ducktail and Duckport are responsible for the attacks.
Attackers use a variety of methods to gain unauthorized access to user accounts. Social engineering is used especially often: victims are targeted through various platforms, including Facebook, LinkedIn and WhatsApp, as well as through freelance platforms such as Upwork.
Common features of these groups of cybercriminals are the use of link shortening services, the use of Telegram for managing and controlling infected devices, and cloud services such as Trello, Discord, and Dropbox for hosting malicious files.
One of the most active and dangerous participants in this illegal business is the Ducktail group. It uses various methods to spread its malware, including fraud through fake jobs on Upwork and Freelancer. After clicking on the link, the victim downloads the infected file, which then installs the Ducktail malware.
The group specializes in stealing stored browser cookies and using them to hijack Facebook business accounts, which are then sold on the black market at prices ranging from $15 to $340.
Hackers are constantly modifying their methods and tools. Ducktail recently added a feature that lets the malware kill processes that lock browser databases. This feature is often found in ransomware because files used by processes or services cannot be encrypted.
In addition to Ducktail, there is a new player in the arena — Duckport. Active since March 2023, this Ducktail clone also specializes in data theft and hijacking Facebook accounts.
Experts from WithSecure warn that such intersections between different threat actors indicate active working relationships between groups and the formation of an extensive cybercrime ecosystem in Vietnam. The study is a serious reminder of the need for increased caution when interacting with advertising and other types of messages in social networks, especially for business account holders.
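Detection logic for the behaviour described above (a non-browser process killing the browser to release its database lock, then reading the cookie store and contacting Telegram), added here as an example and not taken from the WithSecure or Zscaler reports. The event schema, time window, file-name list and sample events are constructed assumptions.

```python
from collections import defaultdict

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
# Well-known Chromium/Firefox credential stores (lower-cased path suffixes).
STORES = ("\\network\\cookies", "\\cookies.sqlite", "\\login data")
TELEGRAM = {"api.telegram.org"}
WINDOW = 120  # seconds between the kill and the read (assumed threshold)

def exe(path):
    return path.rsplit("\\", 1)[-1].lower()

def detect(events):
    """Flag non-browser processes that terminate a browser, then read its store."""
    by_proc = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if exe(e["image"]) not in BROWSERS:      # a browser reading its own DB is normal
            by_proc[(e["host"], e["pid"], e["image"])].append(e)
    findings = []
    for (host, pid, image), evs in by_proc.items():
        kills = [e["ts"] for e in evs
                 if e["action"] == "proc_terminate" and exe(e["target"]) in BROWSERS]
        reads = [e for e in evs if e["action"] == "file_read"
                 and e["target"].lower().endswith(STORES)
                 and any(0 <= e["ts"] - k <= WINDOW for k in kills)]
        if not reads:
            continue
        c2 = any(e["action"] == "net_connect" and e["target"].lower() in TELEGRAM
                 and e["ts"] >= reads[0]["ts"] for e in evs)
        findings.append({"host": host, "pid": pid, "image": image,
                         "stores": sorted({r["target"] for r in reads}),
                         "telegram": c2, "severity": "high" if c2 else "medium"})
    return findings

# Constructed sample telemetry (hypothetical schema: ts, host, pid, image, action, target).
COOKIES = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"
DROPPED = r"C:\Users\alice\Downloads\project_brief.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
def ev(ts, pid, image, action, target, host="WS-01"):
    return {"ts": ts, "host": host, "pid": pid, "image": image, "action": action, "target": target}
SAMPLE = [
    ev(40, 900, CHROME, "file_read", COOKIES),                      # browser itself
    ev(50, 611, r"C:\Tools\backup.exe", "file_read", COOKIES),      # read without a kill
    ev(100, 4312, DROPPED, "proc_terminate", CHROME),
    ev(103, 4312, DROPPED, "file_read", COOKIES),
    ev(110, 4312, DROPPED, "net_connect", "api.telegram.org"),
    ev(500, 777, r"C:\Windows\System32\Taskmgr.exe", "proc_terminate", CHROME),  # kill only
]

if __name__ == "__main__":
    for f in detect(SAMPLE):
        print(f)
```

Only the process that both terminates the browser and reads its store within the window is reported; the Telegram connection raises the severity rather than acting as a trigger on its own.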