Vietnamese Hackers Deploying New Delphi-Powered Malware to Attack Indian Marketing Professionals

    Introduction to the New Ducktail Campaign

    Researchers have recently uncovered a new campaign by Vietnamese hackers. The group, known for the Ducktail stealer malware, targeted Indian marketing professionals. The campaign ran from March to early October 2023 and aimed to hijack Facebook business accounts.

    Shift in Attack Strategy

    Kaspersky’s report highlights a significant change. Unlike previous .NET-based attacks, the attackers now use the Delphi programming language, which marks a tactical shift in their approach. Ducktail is linked to other malware such as Duckport and NodeStealer and is part of Vietnam’s growing cybercrime ecosystem.

    Targeting via Facebook Ads

    The attackers deployed malware through Facebook’s sponsored ads. Their focus was on users with access to Facebook Business accounts. This method ensured they reached their desired audience effectively.

    The Malware Delivery Process

    Targets received archive files containing malware disguised as a PDF. Opening the file triggered a sequence that saved a PowerShell script and a decoy PDF. The sequence took advantage of PDF viewer settings, launching the decoy and hijacking the browser process.

    Rogue Browser Extension and Its Impact

    The malware’s final stage was alarming. It downloaded a rogue library that altered browser shortcuts. The altered shortcuts launched a fake browser extension posing as the legitimate Google Docs Offline add-on. This strategic shift in Ducktail’s technique is notable.
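
    A defender can check for this kind of shortcut tampering by auditing the command line stored in each browser shortcut. The following is an added example, not code from the article or from Kaspersky's report: it assumes the altered shortcut uses Chromium's `--load-extension` switch (the article does not name the mechanism), and the browser list, function names and sample shortcut records are constructed for illustration.

```python
# Added example: flag browser shortcuts that side-load an unpacked extension.
# Assumption: the tampered shortcut relies on Chromium's --load-extension switch.
SWITCH = "--load-extension"
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "vivaldi.exe"}  # assumed scope

def split_args(arguments):
    """Split a shortcut's argument string on whitespace outside double quotes."""
    tokens, cur, quoted = [], "", False
    for ch in arguments:
        if ch == '"':
            quoted = not quoted          # quotes group text, they are not part of the value
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        tokens.append(cur)
    return tokens

def loaded_extensions(target, arguments):
    """Return the extension folders a browser shortcut side-loads ([] if none)."""
    exe = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in BROWSERS:
        return []
    paths = []
    for tok in split_args(arguments):
        key, _, value = tok.partition("=")
        if key.lower() == SWITCH:
            paths.extend(p for p in value.split(",") if p)  # switch takes a comma-separated list
    return paths

# Constructed sample records: (shortcut name, target path, arguments).
SHORTCUTS = [
    ("Google Chrome.lnk", r"C:\Program Files\Google\Chrome\Application\chrome.exe", ""),
    ("Chrome (work).lnk", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'--profile-directory="Profile 1"'),
    ("Microsoft Edge.lnk", r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'--load-extension="C:\Users\Public\Docs Offline\ext" --no-first-run'),
    ("Notepad.lnk", r"C:\Windows\notepad.exe", r"--load-extension=C:\x"),
]

def audit(shortcuts):
    """Map shortcut name -> side-loaded extension folders, for flagged shortcuts only."""
    return {name: exts for name, target, args in shortcuts
            if (exts := loaded_extensions(target, args))}

if __name__ == "__main__":
    for name, exts in audit(SHORTCUTS).items():
        print(f"[!] {name} side-loads extension from: {', '.join(exts)}")
```

    On a real endpoint the records would come from the `.lnk` files on the desktop, taskbar and Start menu; any hit deserves review, since extensions installed from the browser's store do not need a command-line switch.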

    Actions Against the Malware Spread

    Google took legal action against individuals in India and Vietnam who spread malware through Facebook, exploiting public interest. These social media tactics align with previous malware campaigns. Meta blocked over 1,000 URLs linked to deceptive browser extensions.

    Conclusion: The Need for Awareness and Secure Browsing

    These findings underscore the importance of vigilance. Users must be aware of social engineering tactics and prioritize secure browsing practices. The evolution of Ducktail’s techniques highlights the dynamic nature of online threats.
