- Location data
- IP addresses
- Email addresses
- Facebook IDs, cookies, login tokens, and more.
The hackers can then take over the user’s Facebook account and use it to send more phishing links to the user’s contacts via direct messages and posts, or send them links to sites that contain even more dangerous malware.
FlyTrap was traced back to a known malware group based in Vietnam, which distributes the malware in a variety of ways, including through apps created by the group and published on the Google Play store and other third-party Android app stores.
Hackers have also used bogus ads promising free Netflix codes, Google AdWords coupons, or even soccer tickets to launch attacks. If a user clicks on the ad, the app will prompt them to sign in with their Facebook account in order to claim the free offer, only for the user to discover that the “offer” has expired.
That’s why FlyTrap is so dangerous: it can quickly infect a large number of people via seemingly legitimate links and apps. While the malware is currently being used to steal personal data, it could be used for more nefarious purposes, such as facilitating a large-scale ransomware attack.
How to keep yourself safe from the FlyTrap trojan
In response to zLabs’ report, Google has already removed the malicious apps from the Play Store, and they are no longer active on any devices that installed them. They may, however, still be available on third-party websites. Unfortunately, Zimperium’s report does not name any of the offending apps.
Malicious ads are still active in the wild, so Android users must take precautions to protect their devices. Here are a few pointers:
- Use anti-malware and anti-virus apps to scan new apps you want to install for known threats before you download them. These tools could also help infected users find and remove malware.
- Do not grant apps unnecessary permissions.
- Do not download unknown apps, even from the Google Play Store, and thoroughly vet the apps you do install.
- Do not click on unknown links, and beware of “too good to be true” offers and similar online scam techniques.
- Do not hand over your Facebook account info to any person or third-party app.
- Only log into Facebook (and other social media) through the official app or website, and never when prompted by an ad, email, or unrelated app.