The report from The Hacker News reports on several attack variants, including those using Ducktail malware: “The actors behind Ducktail, for instance, leverage lures related to brand and marketing projects to infiltrate individuals and businesses that operate on Meta’s Business platform, with new attack waves employing job and recruitment-related themes to activate the infection.”
In these attacks, potential targets are directed to bogus postings on Upwork and Freelancer through Facebook ads or LinkedIn InMail, which, in turn, contain a link to a booby-trapped job description file hosted on one of the aforementioned cloud storage providers, ultimately leading to the deployment of the Ducktail stealer malware.”
The useful report also includes screen shots from attacks.