A report has been published by cybersecurity firm, WithSecure Intelligence, on an operation that targets individuals and businesses that operate on Facebook’s advertising platform and hijacking them through its website and social media platform.

The report, which was made available through the firm’s website, discusses how a group called ‘DuckTail’ (also known as DYU) managed to imitate the behavior of Facebook users and create fake websites to collect their personal information. The group would use these fake websites to access people’s Facebook accounts and post messages with certain links that end up redirecting the user to a web page owned and run by the group.

The report states that although DuckTail targets several parts of a person's life such as dating, job search or even political views, they are also capable of stealing credit card information as well as personal data.

It would also be noted from the report that this type of cyberattack doesn't only target platforms outside the US, but they are also capable of targeting US users that are on Facebook's platform.

Approximately 300,000 accounts were affected by the group's actions, and it is likely that there would be many more if DuckTail's capability to post messages on Facebook with links was not shut down by social media company in 2017. The group posted 1.5 million messages to people’s timelines which eventually triggered their respective websites to redirect people back to DuckTail which would then copy their Facebook information and send it back to a third-party trader.

‍

Source: DUCKTAIL: An infostealer targeting Facebook Business accounts - AlienVault - Open Threat Exchange