Android FlyTrap Trojan malware aims to take over Facebook accounts

By Satsuki Then/Aug. 11, 2021 6:29 am EST

Malware is a common problem for computer and mobile device users. Malware can target various assets of the target device, including social media accounts, banking information, and credit card information, among other data. A new Android Trojan malware called FlyTrap has impacted Android users in at least 140 countries since it was first seen in March.

According to security research firm Zimperium, FlyTrap has impacted 10,000 users worldwide using social media hijacking, third-party app stores, and side-loaded applications. Zimperium reports that its research team recently discovered previously undetected Android applications infected with FlyTrap. A forensic investigation discovered the malware is part of a family of Trojans that rely on social engineering to compromise Facebook accounts.

Facebook accounts are often the target of hackers because they can take over the friends list and spam users with offers for products and spread the malware further. Investigation into the origins of FlyTrap suggests its operators are based in Vietnam and have been in operation since March 2021. Malicious apps were initially distributed containing malware through Google Play and various third-party app stores.

Zimperium reported its findings to Google, and after the research was verified, malicious applications were removed from the store. However, malicious applications infected with the malware are still available on third-party app stores. Researchers warn their findings highlight the dangers in downloading and installing apps from third-party stores.

FlyTrap can hijack Facebook accounts and collect specific types of information. Data collected from the infected device includes the Facebook ID, location, email address, IP address, and cookies and tokens associated with the Facebook account. FlyTrap uses the hijacked Facebook accounts to spread malware via personal messaging with links to the Trojan, and it uses the hijacked account to spread disinformation. Apps spreading the malware typically offer services like Netflix coupon codes, Google AdWords coupon codes, and the ability to vote for the best soccer teams and players.