Ducktail Malware Targets the Fashion Industry
Ducktail’s malware campaign targets marketing personnel in the fashion industry by sending malicious PDF files that pose as authentic product images. When the files are opened, the malware installs a browser extension that steals Facebook business account credentials and bypasses 2FA. The malware uses a new programming language, Delphi, which causes difficulties for antivirus products. Advanced detection methods and social engineering awareness are advised. Ducktail, active since May 2021, has also been linked with the DarkGate RAT, showing growing complexity in its attack strategies.