Ducktail, the notorious phishing company that hijacks Facebook accounts that run ad campaigns for businesses, is now spreading a brand new information theft malware.

According to researchers according to Zscaler (opens in a new tab)Ducktail previously used LinkedIn to distribute malware written in .NET Core that could steal Facebook Business account data stored in web browser and filtered it into a private Telegram channel that acted as the malware’s command and control (C2) server, communicating with target systems to coordinate cyberattacks.