Facebook Business accounts are being hijacked by malware — how to stay safe
New malware operation finds targets on LinkedIn and then takes over their Facebook Business accounts
Both individuals and organizations operating on Facebook’s Ads and Business platform are being targeted by a new malware strain that can take over their Facebook accounts.
Discovered by security researchers from WithSecure, the enterprise spin-off of the cybersecurity firm F-Secure, this new malware has been dubbed DUCKTAIL.
It was first discovered as an unknown malware earlier this year. After tracking and analyzing the operation, WithSecure found that DUCKTAIL has been used in the wild since the second half of 2021.
DUCKTAIL’s operations make use of an infostealer malware component that was specifically designed to hijack Facebook Business accounts. According to WithSecure, this is the first instance of such functionality and it separates DUCKTAIL from other malware strains designed to target regular Facebook users.
The malware itself was designed to steal browser cookies and use authenticated Facebook sessions to steal information from victims’ Facebook accounts in order to hijack any Facebook Business account that targeted individuals have access to.
Finding potential targets on LinkedIn
As is the case with other cyberattacks primarily targeting business users, DUCKTAIL’s operators use the professional social networking site LinkedIn to scout for potential victims.
The attackers select LinkedIn users who are likely to have high-level access to a Facebook Business account, especially those with admin privileges. From here, they use social engineering to convince potential victims to download a file hosted on a cloud storage service like Dropbox, according to a report from TechCrunch.
Besides keywords related to brands, products and project planning, these files also contain malware, and once one is downloaded, DUCKTAIL is able to use saved browser cookies to take over a victim’s (or their organization’s) Facebook Business account.
Mohammad Kazem Hassan Nejad, a malware analyst and researcher at WithSecure, provided further insight in a press release on how DUCKTAIL’s operators have been selecting targets, saying:
"We believe that the DUCKTAIL operators carefully select a small number of targets to increase their chances of success and remain unnoticed. We have observed individuals with managerial, digital marketing, digital media, and human resources roles in companies to have been targeted."
How to protect yourself and your business
If having your personal Facebook account hacked seems troubling, imagine what it’s like to lose access to your Facebook Business account. Many small business owners depend on Meta’s social network to reach their customers, which is why the DUCKTAIL malware is so concerning.
Just like with other cyberattacks, WithSecure’s Nejad recommends exercising caution “when dealing with attachments or links sent from individuals you are unfamiliar with” on LinkedIn since DUCKTAIL’s operators use the platform to find new targets.
In a blog post, the cybersecurity firm Avast recommends using one of the best password managers to improve the strength of your passwords and enabling two-factor authentication (2FA) to help keep your Facebook Business account more secure. At the same time, you should also grant administrator permissions to more than one user, as having another account with admin authority will prevent you from being locked out.
Finally, you should review which third-party apps are connected to your Facebook Business account and ensure that you are only allowing access to well-known applications. Likewise, it's also worth taking a look at the apps installed on your smartphone as many malicious apps are designed to steal the data necessary to take over your Facebook account.

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.
