November 28, 2023 11:41 am | Updated 11:47 am IST

Facebook Business accounts are an integral part of a business's social media presence, making them a high-priority target for cybercriminals looking to hijack these accounts.

Cybercriminals use a version of malware from the Ducktail family to target company employees, including individuals working in fairly senior positions, HR, digital marketing, and social media marketing.

Beware of malware hidden within archives

Cybercriminals send out malware archives to their potential victims. To reduce suspicion, the archives come with bait in the form of theme-based images and video files on a common topic.

The most recent such campaign was found using the names of big fashion industry players to send out archives containing photos of items of clothing as the bait, Kaspersky shared in a blog post.

These archives contain executable files masked using PDF icons and very long file names, to avoid users recognising the EXE extension. File names are also carefully selected for relevance to ensure users are tempted to click on them.

Once users click on these disguised files, a malicious script is enabled on the target device. The script is designed to show the contents of a PDF file embedded in the malware code. However, the real motive of the malicious code is to scan the shortcuts on the desktop, the Start menu, and the Quick Launch toolbar for Chromium-based browsers including Google Chrome, Microsoft Edge, Brave, and Vivaldi.

Once the malware detects the browsers, it alters their command line to install a browser extension, which is also part of the disguised PDF file.

These extensions, once installed, are capable of monitoring all tabs opened by the user in the browser. The malicious extension checks for ads and business accounts, and if it finds an address associated with Facebook, the information is then sent back to the attackers.

The extension steals information, including active Facebook accounts and session cookies stored by the browser. This data can then be used to sign into accounts without authentication, allowing cybercriminals to hijack the targeted Facebook Business accounts.

How to protect business accounts against malware

Users handling business accounts should never download suspicious archives onto their work computers, especially if they are sent from an unknown source. Clicking on files with an EXE extension should be avoided at all costs, especially when the files carry mismatched icons, such as those of documents or images. Users should carefully check the file extensions of all files downloaded from the internet before opening them. Users should also regularly check their browser extensions for any suspicious additions, as they may be downloaded by malicious files.
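The file-extension check can be automated for ZIP attachments before anyone opens them; the sketch below is an added illustration, not code from the article or from Kaspersky. The extension lists, the 60-character threshold and the sample archive are assumptions constructed for this example, and the double-extension test goes slightly beyond the long-name disguise the article describes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows launches on double-click (illustrative subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}
# Document and media types used as bait or imitated in a file name.
DECOY_EXTS = {".pdf", ".docx", ".xlsx", ".jpg", ".jpeg", ".png", ".mp4"}
LONG_NAME = 60  # assumed threshold: longer names get truncated in file listings


def triage_archive(data: bytes) -> list:
    """Return one finding per executable member of a ZIP, with why it looks disguised."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    bait = [n for n in names if PurePosixPath(n).suffix.lower() in DECOY_EXTS]
    findings = []
    for name in names:
        path = PurePosixPath(name)
        ext = path.suffix.lower()
        if ext not in EXECUTABLE_EXTS:
            continue
        reasons = [f"executable extension {ext}"]
        if len(path.name) >= LONG_NAME:
            reasons.append(f"{len(path.name)}-character name hides the extension")
        if PurePosixPath(path.stem.strip()).suffix.lower() in DECOY_EXTS:
            reasons.append("double extension imitates a document")
        if bait:
            reasons.append(f"shipped alongside {len(bait)} image/video/document files")
        findings.append({"name": name, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: harmless placeholder bytes, no real malware."""
    long_exe = "lookbook/Autumn collection price list and product catalogue for marketing partners 2023 pdf.exe"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in ("lookbook/photo_01.jpg", "lookbook/photo_02.jpg",
                       "lookbook/clip.mp4", "lookbook/terms.pdf.exe", long_exe):
            zf.writestr(member, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_archive(build_sample()):
        print(f["name"], "->", "; ".join(f["reasons"]))
```

A mail gateway or helpdesk script could call `triage_archive` on each attachment and hold any archive that returns findings for manual review.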

While there is no fool-proof protection against malware attacks aimed at hijacking Facebook Business accounts, users handling such accounts can reduce the risk by following good internet hygiene and keeping themselves informed on the latest developments in the methods deployed by cybercriminals.
