NEW DELHI: Researchers have found a new Android trojan, dubbed FlyTrap, which can hijack Facebook accounts of users in more than 140 countries by stealing session cookies. According to Zimperium’s zLabs mobile threat research team, since March 2021, the malware has spread to over 10,000 victims via social media hijacking, third-party app stores, and sideloaded applications.
The malware relies on simple social engineering tactics and tricks victims into logging into malicious apps using their Facebook credentials. The apps then collect user data associated with the social media session.
How does the Android malware work?
As per the researchers, FlyTrap uses a variety of mobile apps offering Netflix coupon codes, Google AdWords coupon codes, and voting for the best football (soccer) team or player. Initially available in Google Play and third-party stores, the applications use high-quality designs to trick users into downloading and trusting them. Once users install the application, it engages them and asks them to respond to various questions. This engagement continues until users are shown a Facebook login page. The malware then asks users to log in to their Facebook accounts and cast a vote to collect the coupon code or credits.
“All this is just another trick to mislead the user since no actual voting or coupon code gets generated. Instead, the final screen tries to justify the fake coupon code by displaying a message stating that ‘Coupon expired after redemption and before spending,’” said Zimperium.
What FlyTrap can do to you
This new Android malware can pose a threat to users’ social identity by hijacking their Facebook accounts via a Trojan infecting their Android device. The malware then collects information such as the Facebook ID, email address, location, IP address, and the cookies and tokens associated with the Facebook account.
The hijacked sessions can then be used to spread the malware further by abusing the victim’s social credibility through personal messages containing links to the Trojan, as well as to propagate propaganda or disinformation campaigns using the victim’s geolocation details.