Android Trojan compromises Facebook Accounts
A new Android Trojan identified as FlyTrap has been found to have compromised the Facebook accounts of around 10,000 users in 144 countries since March this year. It was spread through apps from the Google Play Store and other application distribution services.
Zimperium’s zLabs states that FlyTrap appears to belong to a family of Trojans that use social engineering tricks to breach Facebook accounts, as part of a session hijacking campaign run by threat actors operating out of Vietnam.
The security specialist found 9 malicious apps on Google Play, and they were removed immediately. The apps are still available on other app stores, so the threat persists. Aazim Yaswant, a malware researcher at Zimperium, also claimed that this highlights the risk sideloaded applications pose to mobile endpoints and user data. The malicious apps include:
- GG Voucher (com.luxcarad.cardid)
- Vote European Football (com.gardenguides.plantingfree)
- GG Coupon Ads (com.free_coupon.gg_free_coupon)
- GG Voucher Ads (com.m_application.app_moi_6)
- GG Voucher (com.free.voucher)
- Chatfuel (com.ynsuper.chatfuel)
- Net Coupon (com.free_coupon.net_coupon)
- Net Coupon (com.movie.net_coupon)
- EURO 2021 Official (com.euro2021)
To lure users, the threat actors used tactics such as offering free Netflix and Google AdWords coupon codes and voting for the best soccer team or player, all of which required users to log into their Facebook accounts. The purpose of these lures was to make the user download and trust the application. Once installed, the app displays pages that keep users engaged by asking them to respond to a series of prompts.
Zimperium also pointed out that users believe logging into the right domain is secure no matter which application is used. The threat actors exploit this misconception, and in this case users from 144 countries were impacted. According to Zimperium, these accounts can be a gateway to further abuse, such as boosting the popularity of pages, spreading misinformation, or promoting a political agenda.