A new Android Trojan dubbed "FlyTrap" has compromised thousands of social media accounts and has the ability to capture personal information from Android devices, researchers report.
FlyTrap has appeared in 144 countries since March and spread to more than 10,000 victims via social media hijacking, third-party app stores, and sideloaded applications, say Zimperium researchers who have been tracking the threat. The team has determined that the malware is part of a family of Trojans that leverage social engineering to compromise Facebook accounts.
Evidence indicates the attack activity stems from Vietnam, where researchers say the session hijacking campaign has been ongoing since March. Malicious applications have been distributed through Google Play and third-party app stores using themes that might appeal to victims: free Netflix coupon codes, Google AdWords coupon codes, and voting for their favorite sports team.
"Initially available in Google Play and third-party stores, the application tricked users into downloading and trusting the application with high-quality designs and social engineering," researchers say.
After it's installed, the malicious app displays a page that prompt the victim's response and eventually requests they log into their Facebook account. It then hijacks the account and collects data such as Facebook ID, location, email address, IP address, and cookies and tokens linked to the account.
Compromised Facebook sessions can then be used to further distribute the malware as attackers take advantage of a victim's social credibility and send links to the Trojan or to propaganda and disinformation campaigns based on the victim's location data.
Read the full blog post for more details.