Facebook Accounts Hijacked by FlyTrap Malware
A New Android Threat Has Been Hijacking Facebook Accounts Belonging to Users from More than 140 Countries.
The malware, dubbed FlyTrap, works by stealing session cookies.
FlyTrap relies on a few simple social engineering tactics to trick victims into logging into malicious apps with their Facebook credentials; the apps then collect the data associated with the social media session.
Researchers from the security company Zimperium discovered the new malware and found that the stolen information was accessible to anyone who discovered FlyTrap’s command and control (C2) server.
The FlyTrap campaigns appear to have been running since March. The threat actor used malicious applications with high-quality design, distributed through Google Play and third-party Android stores.
What Was the Lure?
As a lure, the attackers offered free coupon codes (for Netflix and Google AdWords).
In order to obtain the reward, the users had to log into the app using their Facebook credentials.
The information that was collected in this manner went to FlyTrap’s C2 server, and it seems that more than 10,000 Android users from 144 countries fell victim to this social engineering.
Aazim Yaswant from Zimperium disclosed in a blog post that FlyTrap’s C2 server had multiple security vulnerabilities that facilitated access to the stored information, and noted that social media represents a common target for threat actors.
Social media accounts can be used for fraudulent purposes such as artificially boosting the popularity of pages, sites or products, or spreading misinformation or a political message.
Just like any user manipulation, the high-quality graphics and official-looking login screens are common tactics to have users take action that could reveal sensitive information. In this case, while the user is logging into their official account, the FlyTrap Trojan is hijacking the session information for malicious intent.
It’s worth noting that FlyTrap hijacked a significant number of Facebook accounts without using any new or revolutionary techniques.