This Android trojan can hijack your Facebook account

FlyTrap: Cybercriminals use Android trojan to hijack Facebook accounts

Cybercriminals usually trap victims with a fake Netflix coupon app as bait to highjack their Facebook account.

Since the Covid-19 outbreak in early 2020, several countries have imposed periodic lockdown to control the multiple waves of the pandemic. Social distancing and self-isolation have become the new normal around the world. Many are managing office work, attending classes, and even hosting friends and family meet-up online.

With more and more people embracing virtual life on media platforms, cybercriminals devising devious techniques to prey on naive users to steal their personal and official (trade secrets) information to seek ransom and sometimes even trick people giving away their bank information.

In the latest instance, bad actors are using social engineering techniques to infect Android phones with FlyTrap trojan, reported Zimperium’s zLabs mobile threat research team.
Since March 2021, FlyTrap has spread to at least 140 countries and has infected more than 10,000 people.

The modus operandi of the cybercriminals advertise fake campaigns with free Netflix coupons and other lucrative vouchers online and ask victims to download an app on the Google Play store.

Then, they ask the user to link their Facebook account to the app to redeem the voucher to get free access to Netflix. Then, the app opens a fake webpage asking users to type in their Facebook user Id and password. But, it takes to a page showing the coupon has expired leaving the user dejected of missing a free coupon.

However, during the interaction, the cybercriminals will have injected malicious JavaScript code and this will enable the fake app to retrieve cookies, user account details, location, and IP addresses.

Again, the threat actors use the victim's identity to hoodwink more people on Facebook and steal their personal information.

Besides that, the bad actors may use the compromised data to spread misinformation and propaganda on social media platforms.

Fake Netflix voucher

"These hijacked Facebook sessions can be used to spread the malware by abusing the victim’s social credibility through personal messaging with links to the Trojan, as well as propagating propaganda or disinformation campaigns using the victim’s geolocation details. These social engineering techniques are highly effective in the digitally connected world and are used often by cybercriminals to spread malware from one victim to another," Zimperium’s zLabs team said.

It noted that this FlyTrap trojan is a handiwork of cybercriminals in Vietnam. 

The security team has reported the presence of compromised Android apps to Google and they have removed them from Play Store. However, some of them are still available as APK on third-party app stores.

Android phone users have been advised not to install apps developed by unknown publishers even on the Play store and completely avoid downloading any application directly from a website.

Also, it is also a good practice to install an anti-virus app on Android phones.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.