- by AlienVault
- Public
- TLP: White
Mobile security firm Zimperium has uncovered a new family of Android Trojan applications that hijack Facebook accounts and spread the malware to other victims, including the US, Canada, Australia and Japan.
REFERENCE: https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts
https://thehackernews.com/2021/08/beware-new-android-malware-hacks.html
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
https://uk.pcmag.com/security/134975/flytrap-android-malware-used-to-compromise-facebook-accounts
TAGS:flytrap, google play, trojan, facebook, android
MALWARE FAMILY:FlyTrap
ATT&CK IDS:T1055 – Process Injection, T1566 – Phishing, T1557 – Man-in-the-Middle, T1503 – Credentials from Web Browsers
A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces.
Dubbed “FlyTrap,” the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as part of a session hijacking campaign orchestrated by malicious actors operating out of Vietnam, according to a report published by Zimperium’s zLabs today and shared with The Hacker News.
Although the offending nine applications have since been pulled from Google Play, they continue to be available in third-party app stores, “highlighting the risk of sideloaded applications to mobile endpoints and user data,” Zimperium malware researcher Aazim Yaswant said. The list of apps is as follows –
- GG Voucher (com.luxcarad.cardid)
- Vote European Football (com.gardenguides.plantingfree)
- GG Coupon Ads (com.free_coupon.gg_free_coupon)
- GG Voucher Ads (com.m_application.app_moi_6)
- GG Voucher (com.free.voucher)
- Chatfuel (com.ynsuper.chatfuel)
- Net Coupon (com.free_coupon.net_coupon)
- Net Coupon (com.movie.net_coupon)
- EURO 2021 Official (com.euro2021)
The malicious apps claim to offer Netflix and Google AdWords coupon codes and let users vote for their favorite teams and players at UEFA EURO 2020, which took place between 11 June and 11 July 2021, only under the condition that they log in with their Facebook accounts to cast their vote, or collect the coupon code or credits.