Thousands of Facebook accounts taken over by FlyTrap malware

Android malware called FlyTrap has so far claimed more than 10,000 victims in more than 140 countries. Through social engineering, the perpetrators managed to steal session cookies and other data and thus gain access to more than ten thousand Facebook accounts. The attackers then stole all kinds of personal data and forwarded this information to Command & Control servers.

This is according to cybersecurity company Zimperium. Among other things, the company scans Android applications before they end up in the Google Play Store. It also regularly analyzes new viruses and other digital threats. This time, the company has written a blog post about FlyTrap.

FlyTrap is malware that has been floating around the internet since last March. FlyTrap is a Trojan horse: at first glance, it appears to be a legitimate application, but in reality, it steals all kinds of personal data about users and sends it to a so-called Command & Control server.

The FlyTrap developer uses social engineering, a form of psychological manipulation in which deception is used to push unsuspecting victims into certain behaviour. For example, victims think they will win a prize, but in reality, their personal data is stolen.

In the case of FlyTrap, the developer came up with a rogue application that captured the imagination of users. Those who installed the app supposedly received discount coupons for services such as Netflix and Google AdWords. In another variation, gamers could vote for their favourite soccer player or soccer team, which matched the contest EA had organized for their latest mobile soccer game.

To redeem these coupons, users supposedly had to log into their Facebook account. In reality, it was nothing more than a trick to steal their credentials from the platform, other social media accounts, banks and crypto-wallets. The hijacked accounts could also be used as a botnet, for example, to spread disinformation, influence public opinion or manipulate the popularity of a product or website.

Once the FlyTrap malware is installed, a JavaScript injection takes place. “Using this technique, the application opens the legitimate URL in a WebView configured with the ability to inject JavaScript code, and exports all necessary information such as session cookies, user account information, geographic location, and IP address by injecting malicious JavaScript code,” said Zimperium.

Any information FlyTrap collects in this way is forwarded to the developer’s Command & Control server. According to the Zimperium zLabs Threat Research Team, the rogue application has so far claimed more than ten thousand victims in more than 140 countries, including the Netherlands.
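For analysts triaging Android apps, the WebView behaviour described above can be turned into a coarse static check over disassembled (smali) code. This is an added example, not code from Zimperium or from the original article. The three-signal rule is an assumption of this sketch and the smali samples are constructed; many legitimate apps use these APIs, so a match means "review", not "malicious".

```python
import re

# Smali references to real Android framework APIs. Grouping them into three
# signals and requiring all three is this example's assumption, not a rule
# taken from the article or from Zimperium's report.
SIGNALS = {
    "js_enabled": [r"Landroid/webkit/WebSettings;->setJavaScriptEnabled\(Z\)V"],
    "js_injection": [
        r"Landroid/webkit/WebView;->evaluateJavascript\(",
        r"Landroid/webkit/WebView;->addJavascriptInterface\(",
        r'const-string [vp]\d+, "javascript:',  # loadUrl("javascript:...") style
    ],
    "cookie_read": [r"Landroid/webkit/CookieManager;->getCookie\("],
}


def matched_signals(smali: str) -> set:
    """Return the names of the signal groups present in disassembled code."""
    return {name for name, patterns in SIGNALS.items()
            if any(re.search(p, smali) for p in patterns)}


def needs_review(smali: str) -> bool:
    """True when the code enables JS, injects script and reads cookies."""
    return matched_signals(smali) == set(SIGNALS)


# Constructed sample: all three behaviours appear together.
SAMPLE_FLAGGED = """
invoke-virtual {v1, v2}, Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V
invoke-virtual {v0, v3, v4}, Landroid/webkit/WebView;->evaluateJavascript(Ljava/lang/String;Landroid/webkit/ValueCallback;)V
invoke-virtual {v5, v6}, Landroid/webkit/CookieManager;->getCookie(Ljava/lang/String;)Ljava/lang/String;
"""

# Constructed sample: an ordinary WebView that only renders a page.
SAMPLE_BENIGN = """
invoke-virtual {v1, v2}, Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V
invoke-virtual {v0, v3}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V
"""

if __name__ == "__main__":
    for label, sample in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, sorted(matched_signals(sample)), needs_review(sample))
```

Run it over the concatenated smali of a whole app rather than per class, since the three calls are often spread across several classes.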

Initially, FlyTrap was distributed through the Google Play Store and third-party application stores. Zimperium reported its findings to the search engine giant, which subsequently removed all rogue applications equipped with FlyTrap. The cybersecurity company warns that the malicious app is still in circulation and can be installed via sideloading.

According to Zimperium, it is clear why FlyTrap has claimed so many victims. “As with any other form of manipulation, the high-quality images and official-looking login screens are common tactics to get users to take action that could reveal sensitive information. In this case, while the user is logging into their official account, the FlyTrap Trojan hijacks the session information for malicious purposes.”

Zimperium researchers say the tools and techniques FlyTrap uses are not new, but they are effective. Smartphones often contain a wealth of information that is of interest to hackers and cybercriminals. They fear that with a few minor tweaks FlyTrap could be transformed into a dangerous Trojan that can get hold of even more highly sensitive information.
