
Protect your Facebook business account from being hijacked by DUCKTAIL malware.

New malware is finding its targets on LinkedIn and then going after both individuals' and organizations' Facebook Business accounts. It was first reported by the cybersecurity firm WithSecure (the enterprise spin-off of F-Secure). The malware, named DUCKTAIL, can hijack your Facebook Business account, which uses Facebook's Ads and Business Platform.

DUCKTAIL first surfaced earlier this year, and after various analyses and tracking, WithSecure confirmed it had been active since Q2 of 2022. It works much like other malware: it spreads and is initially used to target regular Facebook users. DUCKTAIL was built from infostealer malware and is designed to hijack Facebook Business accounts.

How DUCKTAIL Malware Works

It steals the session cookie from the victim's browser and uses it to unlock the Facebook account and access individual accounts. The main goal is to take over the Facebook Business account, which gives the attackers access to edit credit card details and transaction information. Most likely, they will then run their own advertisement campaigns, which can financially damage the company without anyone noticing.

How to Protect Your Facebook Business Account from Malware

Staying safe from such malware is important even when you are using your organization's Facebook account. The campaign went unnoticed for a while. The attackers find victims on professional social networks like LinkedIn and target likely Facebook Business users; the LinkedIn profiles they pick mostly belong to people with high-level access to Facebook Business, including admin privileges. The attackers then download the data and store it on cloud storage such as Google Drive, Dropbox, iCloud, or others. The phishing process also exposes your sensitive data, which includes company data, client data, and advertising dynamics.

To protect yourself, it's important to enable 2FA on your Facebook account. That way, even after getting a cookie, the code still has to be entered to gain access. You should also review the third-party apps connected to your Facebook account and allow only trusted applications.

Enable 2FA on Facebook

  1. Open Security and Login in Facebook Settings, which appear in the upper-right corner.
  2. Under Settings, click Edit and go to Two-Factor Authentication.
  3. Turn on 2FA to enable it on Facebook.
  4. Follow the on-screen instructions to set up a method such as an approval device, text message, 2FA authenticator, physical USB key, or another option.
  5. That’s it!

You are also advised to use a strong password that combines upper-case characters, numbers, symbols, and more. To remember it, you can use the password manager from Google or one of your choice. Alternatively, you can use the password generator from Avast, or any other you prefer, to create unique passwords and improve security.