Beware: A new Android trojan steals Facebook accounts

A warning has been issued to Facebook for Android users: a new trojan malware is infecting Android smartphones across the world.

What does the trojan do? It steals users’ personal details as well as their Facebook accounts.

The Android trojan is codenamed FlyTrap, and it has reached at least 140 countries since its inception in March 2021.

What’s worse? There are at least 10,000 victims, reached through social media hijacking, third-party app stores, and side-loaded apps.

Users are warned against an Android trojan called FlyTrap

The Android trojan malware was initially discovered by cybersecurity folks from Zimperium’s zLab.

According to its security team, the new trojan called FlyTrap has already infected at least 144 countries and over 10,000 devices. Also, the team has traced FlyTrap to a well-known malware group that is based in Vietnam.

The group distributes malware in different ways, including through apps the group has created and published in the Play Store as well as third-party Android app stores.

Once the Android trojan malware is active on the victim’s device, it will then collect the users’ personal data such as:

  • Location data
  • IP addresses
  • Email addresses
  • Facebook IDs, cookies, login tokens, and more.

In a report published by the security team, this formerly undetected malware “is part of a family of Trojans that use social engineering tricks to compromise Facebook accounts.”

Yes, the malware can go as far as stealing your own Facebook account from you.

FlyTrap tricks users into logging into Facebook

But it is not only Facebook that has been under attack. Hackers also put out fake ads promising free Netflix coupons, Google AdWords coupons, and, get this, even tickets to a soccer match.

What happens when users engage in these ads?

The app will ask the user to log in using their Facebook log-in credentials to claim the free promo. And when they do claim the offer, they will be disappointed to find out that the offer has apparently already expired.

Now, it is important to note that these fake ads are not using fake login pages to phish their victims’ accounts. Instead, these fake ads or offers get the user’s Facebook data using JavaScript injection. This method still works even when users are not on Facebook’s real login page.

And that is why FlyTrap is such a dangerous threat. The malware can rapidly spread across many users via what seem to be legitimate apps and links.

At the moment, the malware is stealing users’ personal information. But it can quickly evolve and be used in more dangerous ways.
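
For readers who vet Android apps, here is a triage sketch for the JavaScript-injection technique described above. It is an added example, not code from this article or from Zimperium's report. It assumes the injection happens inside an in-app WebView (the article does not say), and the function names and sample sources are constructed for illustration.

```python
import re

# Real Android WebView/CookieManager calls, grouped by what they let an app do.
# The grouping is this example's own heuristic, not Zimperium's detection logic.
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\s*\(\s*true\s*\)'),
    "js_injected": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "js_bridge": re.compile(r'addJavascriptInterface\s*\('),
    "cookie_read": re.compile(r'CookieManager[\s\S]{0,80}?\.getCookie\s*\('),
    "facebook_url": re.compile(r'https?://[\w.-]*facebook\.com', re.I),
}

def scan_source(text):
    """Return the names of the indicators present in one decompiled source file."""
    return {name for name, rx in INDICATORS.items() if rx.search(text)}

def triage(files):
    """files maps path -> source text. Flag the app when script injection into a
    Facebook page and a way to read the session back out co-occur anywhere in it."""
    hits = {path: scan_source(src) for path, src in files.items()}
    seen = set().union(*hits.values())
    injects = {"js_enabled", "js_injected", "facebook_url"} <= seen
    reads_out = bool(seen & {"js_bridge", "cookie_read"})
    return {
        "suspicious": injects and reads_out,
        "indicators": sorted(seen),
        "files": {p: sorted(h) for p, h in hits.items() if h},
    }

# Constructed sample input: two decompiled files from a hypothetical coupon app.
SAMPLE_COUPON_APP = {
    "LoginActivity.java": '''
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new Bridge(), "bridge");
        webView.loadUrl("https://m.facebook.com/login");
        webView.evaluateJavascript(script, null);
    ''',
    "Session.java": 'String c = CookieManager.getInstance().getCookie(url);',
}
# Constructed benign input: a help screen that enables JavaScript and nothing else.
SAMPLE_HELP_APP = {
    "Help.java": 'w.getSettings().setJavaScriptEnabled(true); '
                 'w.loadUrl("https://example.org/help");',
}

if __name__ == "__main__":
    for name, app in (("coupon", SAMPLE_COUPON_APP), ("help", SAMPLE_HELP_APP)):
        print(name, triage(app))
```

Legitimate apps that embed a Facebook login in a WebView can match too, so a hit is a reason to inspect the app more closely, not a verdict.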

How can you protect yourself from the FlyTrap malware?

The good news is that Google has already removed the malicious apps from Google’s Play Store in response to zLab’s report. Also, the apps are no longer active on the Android devices that installed them.

But a word of caution: these apps can still be available via third-party websites. Sadly, none of the apps are directly associated with Zimperium’s report, so it’s hard to tell whether it’s best to stay away from such apps.

Overall, these malicious ads and apps are still very much active in the wild. Android users are advised to keep an eye out.

Here are some ways to protect yourself:
