DuckTail Malware Spread via Fake Job Offers From Compromised LinkedIn Profiles
A malicious campaign has been discovered that uses LinkedIn messages to carry out identity theft attacks. Compromised LinkedIn accounts are used to send messages containing PDF documents disguised as job offers. These documents contain malicious links that lead to phishing websites and to the download of malware. The malware, known as DuckTail, is highly elusive and evades detection. It collects information about victims, communicates with a command-and-control (C2) server through a Telegram bot, and exfiltrates data in ZIP archives. The malware also includes Facebook Business hijacking functionality. Various Italian companies, particularly in the technology sector, have been targeted in these attacks.