Facebook Business accounts are being hijacked by malware — how to stay safe


Both individuals and organizations operating on Facebook’s Ads and Business platform are being targeted by a new malware strain that can take over their Facebook accounts.

Discovered by security researchers from WithSecure, the enterprise spin-off of the cybersecurity firm F-Secure, this new malware has been dubbed DUCKTAIL.

Although it was first spotted earlier this year as an unknown malware strain, WithSecure's tracking and analysis of the operation found that DUCKTAIL has been used in the wild since the second half of 2021.

DUCKTAIL’s operations make use of an infostealer malware component that was specifically designed to hijack Facebook Business accounts. According to WithSecure, this is the first instance of such functionality and it separates DUCKTAIL from other malware strains designed to target regular Facebook users.

The malware itself was designed to steal browser cookies and use authenticated Facebook sessions to steal information from victims’ Facebook accounts in order to hijack any Facebook Business account that targeted individuals have access to.

Finding potential targets on LinkedIn

As is the case with other cyberattacks primarily targeting business users, DUCKTAIL’s operators use the professional social networking site LinkedIn to scout for potential victims.

LinkedIn users likely to have high-level access to a Facebook Business account, especially those with admin privileges, are selected. From here, the attackers use social engineering to convince potential victims to download a file hosted on a cloud storage service like Dropbox, according to a report from TechCrunch.

Besides keywords related to brands, products and project planning, these files also contain malware, and once they are downloaded, DUCKTAIL is able to use saved browser cookies to take over a victim’s (or their organization’s) Facebook Business account.

Mohammad Kazem Hassan Nejad, a malware analyst and researcher at WithSecure, provided further insight in a press release on how DUCKTAIL’s operators have been selecting targets, saying:

"We believe that the DUCKTAIL operators carefully select a small number of targets to increase their chances of success and remain unnoticed. We have observed individuals with managerial, digital marketing, digital media, and human resources roles in companies to have been targeted."

How to protect yourself and your business

If having your personal Facebook account hacked seems troubling, imagine what it’s like to lose access to your Facebook Business account. Many small business owners depend on Meta’s social network to reach their customers, which is why the DUCKTAIL malware is so concerning.

Just like with other cyberattacks, WithSecure’s Nejad recommends exercising caution “when dealing with attachments or links sent from individuals you are unfamiliar with” on LinkedIn since DUCKTAIL’s operators use the platform to find new targets.

In a blog post, the cybersecurity firm Avast recommends using one of the best password managers to improve the strength of your passwords and enabling two-factor authentication (2FA) to help keep your Facebook Business account more secure. At the same time, you should also grant administrator permissions to more than one user, as having another account with admin authority will prevent you from being locked out.

Finally, you should review which third-party apps are connected to your Facebook Business account and ensure that you are only allowing access to well-known applications. Likewise, it's also worth taking a look at the apps installed on your smartphone as many malicious apps are designed to steal the data necessary to take over your Facebook account.

Anthony Spadafora
Managing Editor Security and Home Office
