What is DUCKTAIL and how it infects devices

DUCKTAIL is an infostealer that targets Facebook Business accounts and is primarily operated by threat actors based in Vietnam. The malware is designed to steal browser cookies and abuse authenticated Facebook sessions to hijack information from victims' Facebook accounts, ultimately aiming to take over any Facebook Business account accessible to the victim. DUCKTAIL spreads through malicious files disguised as photos or videos in PDF format, often using customized terms to lure victims into opening them. Once opened, the malicious code is triggered, initiating the installation of the malware on the system and compromising corporate and third-party accounts. The malware saves a PowerShell script and a fake PDF file to the device's public directory; the script opens the fake PDF, pauses, shuts down the Chrome browser, and saves deceptive browser extension files to a Google Chrome directory. The malware can alter the path from which it hosts the extension and sends details of open browser tabs to a command-and-control server. To bypass two-factor authentication, the malware uses Facebook API requests and a service from Vietnam. Stolen credentials are sent to a command-and-control server based in Vietnam. DUCKTAIL has been observed using the Delphi programming language, a departure from its usual .NET application approach, which makes detection more challenging for security teams.
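As an added example (not code from the original page), the triage script below hunts for the artifacts the description above names: PowerShell scripts and PDFs dropped into the public directory, and extension files recently written into Chrome's profile directories. The default paths, the seven-day window and the check for a sideloaded extension on Chrome's command line are assumptions, not details taken from the write-up; adjust them for your environment.

```powershell
# Added example, not code from the original page. Hunts for the artifacts the
# write-up describes: PowerShell scripts and PDFs dropped into the public
# directory, and extension files recently written into Chrome's profile
# directories. Paths and the 7-day window are assumptions; adjust as needed.

function Find-DucktailArtifacts {
    param(
        [string]$PublicDir  = $env:PUBLIC,                                   # e.g. C:\Users\Public
        [string]$ChromeData = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'),
        [int]$LookbackDays  = 7
    )
    $since    = (Get-Date).AddDays(-$LookbackDays)
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Recent .ps1 / .pdf files in the public directory (the dropper's staging area)
    Get-ChildItem -Path $PublicDir -Recurse -File -Include *.ps1, *.pdf -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{
                Check   = 'Recent script/PDF in public directory'
                Path    = $_.FullName
                Written = $_.LastWriteTime
            })
        }

    # 2. Extension manifests recently written under any Chrome profile
    if (Test-Path $ChromeData) {
        Get-ChildItem -Path $ChromeData -Recurse -File -Filter manifest.json -ErrorAction SilentlyContinue |
            Where-Object { $_.FullName -match '\\Extensions\\' -and $_.LastWriteTime -ge $since } |
            ForEach-Object {
                $findings.Add([pscustomobject]@{
                    Check   = 'Recently written Chrome extension manifest'
                    Path    = $_.FullName
                    Written = $_.LastWriteTime
                })
            }
    }

    # 3. Running Chrome instances with an unpacked extension on the command line
    #    (assumption: the page does not name this flag; it is the normal way an
    #    extension is loaded from an arbitrary directory)
    Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'" -ErrorAction SilentlyContinue |
        Where-Object { $_.CommandLine -match '--load-extension' } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{
                Check   = 'Chrome started with --load-extension'
                Path    = $_.CommandLine
                Written = $null
            })
        }

    return $findings
}

Find-DucktailArtifacts | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the suspected host; an empty result table does not prove the machine is clean, since the malware can change the extension's path, but any hit is a lead to follow with the removal steps below.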

Removing DUCKTAIL using Virus & threat protection

Virus & threat protection in Windows Security, particularly through Microsoft Defender Antivirus, offers real-time protection against malware, viruses, trojans, and other threats. It provides various scan options, including quick, full, custom, and offline scans, to detect and remove malicious software effectively. Try to remove DUCKTAIL by following the instructions below:

  1. Open Windows Security:
    1. Click on the Start menu and select "Settings."
    2. Go to "Update & Security" and then click on "Windows Security."
  2. Access Virus & threat protection:
    1. In Windows Security, select "Virus & threat protection" from the left-hand menu.
  3. Initiate a Scan:
    1. Under Virus & threat protection, click on "Quick scan" to perform a fast scan for malware.
    2. For a more thorough check, choose "Advanced scan" and select the type of scan you want (Full scan, Custom scan, or Windows Defender Offline scan).
  4. Review Scan Results:
    1. After the scan is complete, review the results to see if any malware or threats have been detected.
    2. Follow the prompts to take action on any identified threats, such as quarantining or removing them.
  5. Additional Actions:
    1. Consider running periodic scans to ensure your system remains free of malware.
    2. Keep your operating system and security software up to date to prevent future infections.

Removing DUCKTAIL using Autoruns

Autoruns is a robust tool for Windows users to oversee and regulate automatic program launches on their systems. With its detailed breakdown of autostart locations and entries, Autoruns aids in detecting and disabling malicious software like viruses and trojans. Try to remove DUCKTAIL by following the instructions below:

  1. Download Autoruns:
    1. Download Autoruns and run Autoruns.exe after extracting the archive.
  2. Configure Autoruns:
    1. In the Autoruns application, go to "Options" and ensure the checkboxes are selected next to "Hide Empty Locations," "Hide Microsoft Entries," and "Hide Windows Entries."
    2. This step helps in focusing on third-party entries that may be malicious.
  3. Identify Suspicious Entries:
    1. Search for suspicious entries with unusual names or running from locations like C:\{username}\AppData\Roaming.
    2. Right-click on any suspicious entry and choose "Delete" to prevent the threat from running at startup.
  4. Check Scheduled Tasks:
    1. Switch to the Scheduled Tasks tab in Autoruns and repeat the process of identifying and deleting any suspicious entries.
  5. Remove Files and Registry Keys:
    1. Click on suspicious entries and choose "Jump to Entry" to locate and remove any associated files, folders, or registry keys.
  6. Prevent Startup:
    1. To prevent the threat from running at startup, ensure all identified malicious entries are deleted in both the Autoruns and Scheduled Tasks tabs.
  7. Reboot the System:
    1. Restart your computer to ensure that the changes made using Autoruns take effect.
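The Autoruns steps above are a manual review of autostart locations. As an added example (not code from the original page or from the Autoruns tool), the script below performs the same triage from PowerShell: it enumerates Run/RunOnce keys, scheduled task actions and the Startup folders, and flags any entry whose command runs from a user-writable location such as AppData\Roaming. The list of suspicious roots is an assumption; extend it for your environment.

```powershell
# Added example, not code from the original page. Enumerates the autostart
# locations the Autoruns steps walk through by hand (Run/RunOnce keys,
# scheduled tasks, Startup folders) and flags entries whose command runs from a
# user-writable location. The list of suspicious roots is an assumption.

function Get-SuspiciousAutostarts {
    # Locations a dropper typically writes to; any autostart pointing here deserves review
    $suspiciousRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, $env:TEMP) |
        Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
    $pattern = $suspiciousRoots -join '|'

    $results = New-Object System.Collections.Generic.List[object]

    # 1. Run / RunOnce registry keys (machine-wide and current user)
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # skip provider metadata (PSPath etc.)
            $cmd = [string]$prop.Value
            if ($cmd -match $pattern) {
                $results.Add([pscustomobject]@{ Source = $key; Name = $prop.Name; Command = $cmd })
            }
        }
    }

    # 2. Scheduled tasks whose action executes from a user-writable path
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = ("{0} {1}" -f $action.Execute, $action.Arguments).Trim()
            if ($cmd -match $pattern) {
                $results.Add([pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName; Command = $cmd })
            }
        }
    }

    # 3. Startup folders: everything here runs at logon, so list all of it
    $startupDirs = @(
        (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
    )
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            $results.Add([pscustomobject]@{ Source = 'Startup folder'; Name = $_.Name; Command = $_.FullName })
        }
    }

    return $results
}

Get-SuspiciousAutostarts | Format-Table -AutoSize
```

Run it elevated so the HKLM keys and all scheduled tasks are readable. Entries it lists are candidates for the "Delete" and "Jump to Entry" steps above, not verdicts: confirm the file's publisher and hash before removing it, and reboot afterwards to verify nothing recreates the entry.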

Removing DUCKTAIL using Microsoft Windows Malicious Software Removal Tool (MSRT)

The Microsoft Windows Malicious Software Removal Tool is a valuable utility that aids in combating prevalent malware, viruses, and trojans by providing targeted removal of specific malicious software. It operates effectively as a post-infection removal tool, complementing regular antivirus software by offering a focused scan for known threats, ensuring a more secure computing environment. Try to remove DUCKTAIL by following the instructions below:

  1. Download MSRT:
    1. Visit the official Microsoft page for the Malicious Software Removal Tool.
    2. Click on the "Download" button to get the tool.
  2. Run MSRT:
    1. Once downloaded, open the tool by running the downloaded file.
    2. Ensure you have local administrator privileges to execute the tool effectively.
  3. Scan for Malware:
    1. Follow the on-screen instructions to start scanning your system for prevalent malware, including DUCKTAIL.
    2. Choose the scan mode that suits your needs (Quick scan, Full scan, or Customize scan).
  4. Review and Remove Threats:
    1. After the scan is complete, review the detailed results provided by MSRT.
    2. If DUCKTAIL or any other threats are detected, follow the prompts to remove them from your system.
  5. Check Log File:
    1. Locate and review the log file generated by MSRT at %windir%\debug\mrt.log.
    2. This log file contains information about detected infections and actions taken by the tool.

The Microsoft Windows Malicious Software Removal Tool cannot replace a real antivirus product. While the tool is effective for post-infection removal of specific prevalent malware, it does not offer real-time protection like antivirus software, which actively prevents malicious software from running on a computer. It is crucial to install and use an up-to-date antivirus product alongside the Malicious Software Removal Tool for comprehensive protection against malware.

Removing DUCKTAIL using Antimalware Tool

Recommended anti-malware tool:

Try SpyHunter

SpyHunter is a powerful tool that can keep your Windows installation clean. It automatically searches for and removes all malware-related items. It is not only the easiest way to eliminate malware, but also the safest and most secure. The full version of SpyHunter costs $42 (you get a 6-month subscription). By clicking the button, you agree to the EULA (End User License Agreement) and Privacy Policy. The download will start automatically.

Download SpyHunter

For Windows

Try SpyHunter for Mac

SpyHunter for Mac completely removes all instances of the latest viruses from Mac/MacBook and Safari. In addition, the cleaner can help optimize Mac OS and free up disk space. Compatible with all versions of MacOS. The free version of SpyHunter for Mac allows you, subject to a 48-hour waiting period, one remediation and removal for the results found. The full version of SpyHunter costs $42 (you get a 6-month subscription). By clicking the button, you agree to the EULA (End User License Agreement) and Privacy Policy. The download will start automatically.

Download SpyHunter for Mac

MacOS versions

Removing DUCKTAIL involves a series of steps that require advanced IT skills. However, automated tools like SpyHunter can help simplify the process. If you suspect your system is infected, it is recommended to run a scan with SpyHunter for Windows to automatically eliminate the infiltrated malware.
