Ducktail Group Brings New Arsenal and Evasion Tactics to Uplift Its Attack Strategy

A Vietnam-based cybercrime operation named Ducktail is continuously evolving and expanding its operations against individuals and companies operating on Facebook’s Ads and Business platform.

Researchers from WithSecure have released a warning regarding fresh developments in the Ducktail infostealer. The most recent campaigns use innovative spear-phishing techniques on WhatsApp. Since early September, the attackers have been using a new malware variant that is built with the .NET 7 NativeAOT feature but uses the same code base. To avoid being discovered, the attackers returned to self-contained .NET Core 3 Windows binaries in October.

These binaries contain anti-analysis code that was copied from GitHub. The malware also has a more reliable technique for getting access to attacker-controlled email addresses from its C2 server.
