A new report from Cybersecurity firm Zimperium, identified a new Android Trojan named “FlyTrap.” The malware has been able to compromise Facebook accounts of over 10,000 users from 144 countries including the Philippines.
The trojan was able to propagate through "social media hijacking, third-party app stores, and sideloaded applications" since March this year.
The threat actor was able to lure victims via malicious applications that offer Netflix and Google Adword Coupons. Other applications include invitations to vote for favorite teams and players at the UEFA EURO 2020. All these malicious applications would require the victim to login their Facebook accounts.
The malicious apps used Facebook Single Sign-On (SSO) and then relied on JavaScript Injection to steal all user information such as Facebook ID, location, email address, IP address, cookie and tokens associated with the Facebook account.
Zimperium's Aazim Yaswant said: “These hijacked Facebook sessions can be used to spread the malware by abusing the victim’s social credibility through personal messaging with links to the Trojan, as well as propagating propaganda or disinformation campaigns using the victim’s geolocation details. These social engineering techniques are highly effective in the digitally connected world and are used often by cybercriminals to spread malware from one victim to another.”
As of this posting, the malicious apps have been already removed in the Google play app store.