An Android vulnerability penetrates thousands of Facebook accounts


Researchers have discovered a new Android Trojan called FlyTrap that can hijack Facebook user accounts in more than 140 countries by stealing session cookies. According to Zimperium's zLabs Mobile Threat Research Team, since March 2021 the malware has spread to more than 10,000 victims via social media hijacking, third-party app stores, and sideloaded apps.


The malware relies on simple social engineering tactics and tricks victims into logging into malicious apps with their Facebook credentials. The apps then collect user data associated with the social media session.


How does the Android malware work?


According to the researchers, FlyTrap uses a variety of mobile apps built around lures such as Netflix coupon codes, Google AdWords coupon codes, and voting for the best soccer team or player.


Once users install the app, it engages them and asks them to respond to various questions. This interaction continues until a Facebook login page is shown, at which point the malware asks users to log into their Facebook account in order to vote and collect a coupon code or credits.


Next, the malware uses JavaScript injection to access the user's Facebook ID, location, email address, and IP address, and the stolen information is then transmitted to the FlyTrap command and control server. Zimperium also said it has warned Google about three malicious apps used to distribute the FlyTrap malware via the Play Store; Google then checks for and removes malicious apps from the Play Store.
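The following static triage heuristic is an added example, not code from the article or from Zimperium. It assumes the Facebook login page is rendered in an Android WebView inside the app and flags decompiled source that combines that page with script injection or cookie reads; the indicator names and sample snippets are constructed for illustration.

```python
import re

# Illustrative static indicators (this example's own, not Zimperium's signatures).
INDICATORS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\s*\(\s*true\s*\)"),
    "js_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "js_bridge": re.compile(r"addJavascriptInterface\s*\("),
    "cookie_read": re.compile(r"CookieManager\b[^;]*\.getCookie\s*\("),
    "facebook_url": re.compile(r"https?://(?:[\w-]+\.)?facebook\.com", re.I),
}

def triage(source: str) -> dict:
    """Flag code that shows a Facebook page in a script-enabled WebView
    and also injects script, exposes a JS bridge, or reads cookies."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
    harvest = hits & {"js_injection", "js_bridge", "cookie_read"}
    suspicious = {"facebook_url", "js_enabled"} <= hits and bool(harvest)
    return {"hits": sorted(hits), "suspicious": suspicious}

# Constructed samples of decompiled Java, not taken from any real app.
SUSPICIOUS_SAMPLE = '''
WebView view = new WebView(this);
view.getSettings().setJavaScriptEnabled(true);
view.loadUrl("https://m.facebook.com/login");
view.evaluateJavascript(script, callback);
String c = CookieManager.getInstance().getCookie(url);
'''
BENIGN_BROWSER_SAMPLE = '''
CustomTabsIntent tabs = new CustomTabsIntent.Builder().build();
tabs.launchUrl(this, Uri.parse("https://www.facebook.com/login"));
'''
BENIGN_OWN_SITE_SAMPLE = '''
view.getSettings().setJavaScriptEnabled(true);
view.loadUrl("https://shop.example.com/cart");
view.evaluateJavascript(script, null);
'''

if __name__ == "__main__":
    for name, src in [("suspicious", SUSPICIOUS_SAMPLE),
                      ("browser", BENIGN_BROWSER_SAMPLE),
                      ("own-site", BENIGN_OWN_SITE_SAMPLE)]:
        print(name, triage(src))
```

A positive result is a lead for manual review rather than a verdict, since the heuristic only checks that the indicators co-occur in the same source text.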


What can FlyTrap do to you?


This new Android malware can pose a threat to users' social identity by hijacking their Facebook accounts via a Trojan horse that infects their Android device. The malware then collects information such as Facebook ID, email address, location, and IP address, as well as the cookies and tokens associated with their Facebook account.
