New Android Trojan FlyTrap Hacks Thousands of Facebook Accounts

Researchers have discovered a new Android trojan whose main goal is to hack Facebook user accounts and spread disinformation using them. Since March 2021, this malware has managed to compromise over ten thousand accounts belonging to citizens in 144 countries.

How FlyTrap Spreads

The method used to deliver the malicious app is all too familiar to experts: fake apps in the Google Play Store and other app marketplaces. The trojan has been named “FlyTrap,” and specialists had not previously observed it in attacks.

After analyzing the malware, researchers from Zimperium zLabs concluded that it belongs to a family of trojans that use social engineering to hack Facebook accounts. According to their report, the operators behind FlyTrap are based in Vietnam.

Fake Apps to Watch Out For

Google has already removed nine apps spreading the new trojan from the Play Store, but they can still be freely downloaded from third-party app stores. Here is a list of fake apps you should be cautious of:

• GG Voucher (com.luxcarad.cardid)
• Vote European Football (com.gardenguides.plantingfree)
• GG Coupon Ads (com.free_coupon.gg_free_coupon)
• GG Voucher Ads (com.m_application.app_moi_6)
• GG Voucher (com.free.voucher)
• Chatfuel (com.ynsuper.chatfuel)
• Net Coupon (com.free_coupon.net_coupon)
• Net Coupon (com.movie.net_coupon)
• EURO 2021 Official (com.euro2021)

The creators of these apps attract users with codes and coupons for Netflix and Google AdWords, as well as the opportunity to vote for favorite teams and players in UEFA EURO 2020.

How FlyTrap Steals Data

FlyTrap is designed to immediately steal the victim’s Facebook ID, location, email address, IP address, as well as cookies and tokens as soon as it infects the system. To do this, it uses the well-known technique of JavaScript code injection.