FlyTrap Trojan Malware Hacks Into Thousands of Facebook Accounts

August 10, 2021 By Nick Anderson No Comments 5 minutes

An Android Malware FlyTrap is making rounds on the Google Play Store and preying on unsuspecting victims. It’s not uncommon to hear about malicious apps. But alarming still, the malware has been infecting users since March 2021.

Malware comes in different forms and can be distributed in several ways. One of the most common ways is through apps or websites that claim to offer something very exciting like freebies. Such apps and websites serve as a honeypot for attracting users to infect them with malware. 

What is the FlyTrap Trojan Malware?

Research conducted by Zimperium has unearthed the existence of malware that has been making rounds on the Google Play Store for many months now. Zimperium’s zLabs research team has coined the Android malware “FlyTrap”.

FlyTrap is a Trojan that is distributed through several malicious applications that lure victims by claiming to offer free Netflix coupon codes, Google Adwords coupons codes, and such. Basically, hackers develop avenues that are likely to catch the attention of the average user. After all, who doesn’t love a free Netflix subscription or gift cards for online shopping? 

The Android malware has been noted to originate from Vietnam and has thus far claimed a shocking 10,000+ users located in 144 countries worldwide. According to the report, the malware has been operating since March 2021. It speaks about the strength and success of social engineering techniques in spreading malware at such a rapid speed. 

What is a Trojan?

A Trojan is a program that appears to be legitimate but actually hides harmful code underneath. It could be a program like Skype downloaded from a third-party source on the internet. But instead of installing Skype on your device, the program installs malware when executed. It could also be bundled the malware with the program and installed in the background to avoid detection. 

Social engineering techniques like Phishing are a common way that attackers use to trick you into downloading Trojan. Because a Trojan is simply a malicious program that appears to be safe, it can bypass the safety filters of consciousness. 

How Does FlyTrap Malware Works?

Although Google has taken the reported applications off the Play Store, they are still available on third-party sources on the internet. Not only that, more applications acting as Trojan may emerge in the future. Hence you need to learn how the FlyTrap malware works and how to prevent it from affecting you.

(Image credits: Zimperium)

FlyTrap works by stealing your Facebook information like Facebook ID, email address, IP address, location, and cookies and tokens used by your Facebook account. The app promises to deliver free codes to you after you follow a few steps. Once you reach the WebView page that directs you to log in to your Facebook account, the malicious JavaScript will come into action and steals the information as mentioned above, especially cookies. 

Websites and applications use cookies to identify you. It contains small information about you, like device and IP address, to maintain persistence in the web and app experience. Session cookies (or Tokens) are generated when you log in to your account so that the following requests do not require validation. 

An attacker can impersonate you and gain unfettered access to your Facebook account by stealing the session cookies. The attacker can use this opportunity to spread Phishing links to your friends and family. As the messages will come from you, the Phishing attempt is more likely to succeed. 

The exfiltrated information is sent to a Command & Control (C&C) server. It basically refers to the mothership through which malware can receive commands remotely, such as updating itself to prevent detection. 

How to Prevent FlyTrap Malware Attack

• The number one rule that you must etch in your mind is to never download applications from unknown sources. Although Trojans exist on official sources like the Play Store, you are more likely to encounter malware from unknown third-party websites. 
• Do not fall for such scams. Hackers craft apps that promise to deliver free stuff without spending a penny. It is a classic move to garner mass attention and distribute malware. 
• Keep your anti-virus up-to-date. New malware signatures will prepare the anti-virus to detect and fight against new threats. Investing in a robust anti-virus is crucial if you want to keep your device and its data protected. For example, Zimperium zIPS is able to flag the FlyTrap Trojan as a suspicious app. 
• Be very careful about downloading attachments from unknown senders. Phishing emails create a sense of urgency and lure you to click on a link or download an attachment. More detailed social engineering can include familiar-looking email addresses (though they will still be an alphabet off from the real email address) or a piece of information that you will not expect an outsider to know. 
• Use a VPN to safeguard your internet activity on unsecured networks. A hacker may attempt to redirect you to fake web pages designed to steal your information.

Conclusion

The report lays out extensive research into how FlyTrap Trojan works, including the addresses to its C&C servers. You can also take note of the applications that FlyTrap Trojan uses and stay vigilant against them. 

Subscribe to Newsletter

Receive the trending posts of the week and the latest announcements from FastestVPN via our email newsletter.

Email Address