Be careful if you use Facebook on an Android device, and be wary of Netflix coupons: according to the cybersecurity company Zimperium, a new Android Trojan codenamed FlyTrap has reached at least 140 countries since March 2021 and has spread to more than 10,000 victims through social media hijacking, third-party app stores, and sideloaded apps.
Using Zimperium’s z9 malware engine and on-device detection, Zimperium’s zLabs Mobile Threat Research teams recently found several previously undetected apps. After their forensic investigation, the zLabs team determined that this previously undetected malware “is part of a family of Trojans that use social engineering tricks to compromise Facebook accounts.”
Yes: your Facebook account is stolen. The forensic evidence on this Android Trojan, named FlyTrap by Zimperium, points to its origin in several “malicious groups in Vietnam that have been running this session hijacking campaign since March 2021”.
These malicious applications were distributed “initially both through Google Play and third-party app stores”. Zimperium zLabs reported the findings to Google, which verified the research provided and removed the malicious apps from the Google Play store. However, these tainted apps “are still available in third-party digital stores.”
The fake Netflix coupon
The mobile application threatens the victim’s social identity by hijacking their Facebook accounts through a Trojan that infects their Android device. Information collected from the victim’s Android device includes:
- Facebook ID
- Email address
- IP address
- Cookies and tokens associated with the Facebook account
These hijacked Facebook sessions can be used to spread the malware by abusing the victim’s social credibility through personal messages with links to the Trojan, as well as to launch propaganda or disinformation campaigns using the victim’s geolocation data.
How does the FlyTrap Trojan work?
The malware authors used a variety of socially engineered themes that users would find attractive, such as:
- Free Netflix Coupon Codes
- Google AdWords coupon codes
- Voting for the best soccer team or player
Initially available on Google Play and third-party stores, the app tricked users into downloading and trusting it with high-quality designs and social engineering. After installation, the malicious application displays pages that engage the user and ask for a response, like the ones shown below.
10,000 victims in 144 countries
The deception continues until the user is shown the Facebook login page and asked to log into their account to cast their vote or collect the coupon code or credits. All of this is just another trick to fool the user, as no actual coupon or voting code is generated. Instead, the final screen tries to justify the fake coupon code by displaying a message that says “The coupon has expired after redemption and before spending.”
The exposed database contains the geolocation information of several thousand victims, from which the victim map shown below was generated. The Zimperium zLabs team has found more than 10,000 victims in 144 countries to date, illustrating the impact of the social engineering campaign.