Android users beware: a new trojan malware is infecting smartphones all over the world, stealing personal data and compromising Facebook accounts.
The new trojan, known as FlyTrap, has infected over 10,000 devices in at least 144 countries, according to a recent report published by cybersecurity firm Zimperium’s zLabs mobile security team. Once installed on a user’s device, it can collect personal data such as:
- Location data
- IP addresses
- Email addresses
- Facebook IDs, cookies, login tokens, and more.
The hackers can then take over the user’s Facebook account and use it to send more phishing links to the user’s contacts via direct messages and posts, or send them links to sites that contain even more dangerous malware.
FlyTrap was traced back to a known malware group based in Vietnam, which distributes the malware in a variety of ways, including through apps created by the group and published on the Google Play store and other third-party Android app stores.
Hackers have also used bogus ads promising free Netflix codes, Google AdWords coupons, or even soccer tickets to launch attacks. If a user clicks on the ad, the app will prompt them to sign in with their Facebook account in order to claim the free offer, only for the user to find that the “offer” has expired.
It’s worth noting that these phishing ads don’t use fake login pages to steal someone’s account information. Instead, the ads use JavaScript injection to collect the user’s Facebook data, a method that works even when the user is on the official Facebook login page, or any other website’s login page for that matter.
That’s why FlyTrap is so dangerous: it can quickly infect a large number of people via seemingly legitimate links and apps. While the malware is currently being used to steal personal data, it could be used for more nefarious purposes, such as facilitating a large-scale ransomware attack.
How to keep yourself safe from the FlyTrap trojan
In response to zLabs’ report, Google has already removed the malicious apps from the Play Store, and they are no longer active on any devices that installed them. They may, however, still be available on third-party websites. Unfortunately, Zimperium’s report does not name any of the offending apps.
Malicious ads are still active in the wild, so Android users must take precautions to protect their devices. Here are a few pointers:
- Use anti-malware and anti-virus apps to scan new apps for known threats before you install them. These tools could also help infected users find and remove malware.
- Do not grant apps unnecessary permissions.
- Do not download unknown apps, even from the Google Play Store, and thoroughly vet the apps you do install.
- Do not click on unknown links, and beware of “too good to be true” offers and similar online scam techniques.
- Do not hand over your Facebook account info to any person or third-party apps.
- Only log into Facebook (and other social media) through the official app or website, and never when prompted by an ad, email, or unrelated app.