A recently discovered malware dubbed Ducktail has been linked to Vietnamese threat actors. Researchers from WithSecure released a report on Tuesday detailing the campaign, in which the attackers use LinkedIn to steal data and admin privileges. The campaign appears to be motivated by financial gain and has been active since late 2021. The malware uses browser cookies from authenticated user sessions to take over accounts, according to the report. The threat actors behind the campaign have been active since 2018, says WithSecure.
Attackers using the Ducktail malware have specific goals, such as targeting individuals within companies operating on Facebook’s Business and Advertising platform. The attackers seek out individuals who have high-level access to the account, such as those in managerial, digital marketing, digital media, and human resources roles. The threat actors target LinkedIn users with a phishing campaign that attempts to get targets to click on a file containing the malware executable.