👾 Ducktail Malware Hits Meta 🦆
Meta ad accounts are getting hacked and used to run ads on the stolen accounts' dime. It's known as the Ducktail malware and two factor or hardware key authentication won't help (in part because Meta is a dumpster fire when it comes to the implementation of these security measures).
The Today in Digital Marketing podcast has an interview snippet with a firm that suffered hacks twice.
The first was years ago and used a compromised grammar browser plugin to gain access. The lesson: be wary of the permissions plugins ask for. The firm does not use the TikTok or Twitter pixel helper plugins because of what they ask to gain access to (Google and Facebook are fine (for now)).
But the hackers have evolved.
Beware messaging apps. The recent round of exploits deliver the malware payload via links in apps like WhatsApp. It then installs an invisible browser that screen scrapes credentials and steals cookies to gain access. Once access is gained, bogus Gmail accounts are added as admins and finance managers.
The previously hacked company has implemented these mitigation steps:
- Don't use SMS 2FA
- Regularly review all active sessions on the account
- Regularly review all connected apps
- Limit admin access to only the necessary people
- Try to avoid Gmail accounts and use trusted domains (like Google Ads)
- Rethink your LinkedIn job title (appears to be how they identify targets)
It appears to be PC only so far (it recently swtiched to using the .NET framework), so use a good anti-virus and don't click on suspicous links. Ever. Those last two recommendations should be table stakes when using an internet-connected computer.