Security News > 2021 > August > Android Malware ‘FlyTrap’ Hijacks Facebook Accounts

Researchers have uncovered a new Android trojan, dubbed FlyTrap, that's spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts.

Before the malware apps dish out the promised goodies, targeted users are told to log in with their Facebook accounts to cast their vote or collect the coupon code or credits.

The trojan uses victimized accounts to spread its tentacles, making it look like the rightful owners are sharing legitimate posts, zLabs researchers said: "These hijacked Facebook sessions can be used to spread the malware by abusing the victim's social credibility through personal messaging with links to the Trojan, as well as propagating propaganda or disinformation campaigns using the victim's geolocation details," they wrote.

More recently, a similar malware - a password- and cookie-stealer named CopperStealer - was found to have been compromising Amazon, Apple, Google and Facebook accounts since 2019, then using them for additional cybercriminal activity.

Melick also recommended that users enable multi-factor authentication for all social-media accounts and any other accounts with access to sensitive and private data.

If an Android user suspects that a Facebook account has been connected to a malicious party, Melick said to follow Facebook instructions to log out of all accounts on all devices, immediately change their passwords and enable MFA if not already in use.

News URL

https://threatpost.com/android-malware-flytrap-facebook/168463/