Researchers have recently found that a new Android malware known as FlyTrap has hacked thousands of Facebook accounts across more than 140 countries. As reported by the Zimperium Labs mobile threat research team, the malware has continued to spread since March 2021. Apparently, the major sources of the spread have been the Google Play Store, third-party app stores, and sideloaded apps.
According to the reports, the malware mostly relies on simple social engineering tactics. It generally tricks victims into logging in to unnecessary, malicious applications with their Facebook credentials. Those apps then collect all the user data associated with that particular social media session.
So, how does the FlyTrap Android malware work? According to the researchers, FlyTrap uses various mobile apps that offer coupon codes for Netflix and Google AdWords, or voting for the best football (soccer) team or player. These lures trick users into downloading and trusting the malicious apps. Once installed, the app asks the user to respond to several questions. This engagement goes on until the user is redirected to the Facebook login page. The malware then asks the user to log in to their Facebook account to collect the coupon code or credits.
“All this is just another trick to mislead the user since no actual voting or coupon code gets generated. Instead, the final screen tries to justify the fake coupon code by displaying a message stating that ‘Coupon expired after redemption and before spending,’” said Zimperium.
The list of apps includes:
● GG Voucher (com.luxcarad.cardid)
● Vote European Football (com.gardenguides.plantingfree)
● GG Coupon Ads (com.free_coupon.gg_free_coupon)
● GG Voucher Ads (com.m_application.app_moi_6)
● GG Voucher (com.free.voucher)
● Chatfuel (com.ynsuper.chatfuel)
● Net Coupon (com.free_coupon.net_coupon)
● Net Coupon (com.movie.net_coupon)
● EURO 2021 Official (com.euro2021)
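To check a device against the package IDs listed above, the following added example (not code from Zimperium or from the original article) parses saved output of `adb shell pm list packages`, with or without `-f`, and reports exact matches. The function names and the sample input are constructed for illustration.

```python
import re

# Package IDs exactly as listed on this page, mapped to their display names.
FLYTRAP_PACKAGES = {
    "com.luxcarad.cardid": "GG Voucher",
    "com.gardenguides.plantingfree": "Vote European Football",
    "com.free_coupon.gg_free_coupon": "GG Coupon Ads",
    "com.m_application.app_moi_6": "GG Voucher Ads",
    "com.free.voucher": "GG Voucher",
    "com.ynsuper.chatfuel": "Chatfuel",
    "com.free_coupon.net_coupon": "Net Coupon",
    "com.movie.net_coupon": "Net Coupon",
    "com.euro2021": "EURO 2021 Official",
}

# `pm list packages` prints "package:<id>"; with -f it prints
# "package:<apk path>=<id>". The APK path can itself contain "=",
# so the ID is whatever follows the last "=" on the line.
_LINE = re.compile(r"^package:(?:.*=)?([A-Za-z0-9_.]+)$")

def parse_package_list(text):
    """Return the set of package IDs found in `pm list packages` output."""
    ids = set()
    for raw in text.splitlines():      # splitlines() also handles adb's CRLF
        m = _LINE.match(raw.strip())
        if m:
            ids.add(m.group(1))
    return ids

def find_flytrap(text):
    """Return {package_id: app_name} for exact matches against the list."""
    installed = parse_package_list(text)
    return {p: FLYTRAP_PACKAGES[p] for p in sorted(installed)
            if p in FLYTRAP_PACKAGES}

# Constructed sample output (not from a real device); the last line is a
# near-miss that must not be reported.
SAMPLE = (
    "package:com.android.chrome\r\n"
    "package:/data/app/~~Qx1==/com.free.voucher-Zk2==/base.apk=com.free.voucher\r\n"
    "package:com.euro2021\n"
    "package:com.euro2021.fans\n"
)

if __name__ == "__main__":
    for pkg, name in find_flytrap(SAMPLE).items():
        print(f"FOUND {name} ({pkg})")
```

A match means the app is still installed; because the malware collects cookies and tokens, removing the app does not by itself end a Facebook session that was already captured.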
The FlyTrap Android malware poses a threat to users’ social identity by hijacking their Facebook accounts via a Trojan that infects their Android device. The malware then collects information such as Facebook ID, email address, location, IP address, and the cookies and tokens associated with the Facebook account.
The hijacked sessions can then be used to spread the malware by abusing the victim’s social credibility. This can be done through personal messages containing links to the Trojan, and also by propagating propaganda using the victim’s geolocation details.