Security News > 2021 > August > FlyTrap malware hijacks thousands of Facebook accounts
A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies.
FlyTrap campaigns rely on simple social engineering tactics to trick victims into using their Facebook credentials to log into malicious apps that collected data associated with the social media session.
Researchers at mobile security company Zimperium detected the new piece of malware and found that the stolen information was accessible to anyone who discovered FlyTrap's command and control server.
FlyTrap campaigns have been running since at least March.
"Just like any user manipulation, the high-quality graphics and official-looking login screens are common tactics to have users take action that could reveal sensitive information. In this case, while the user is logging into their official account, the FlyTrap Trojan is hijacking the session information for malicious intent" - Aazim Yaswant, Android malware researcher, Zimperium.
Despite not using a new technique, FlyTrap managed to hijack a significant number of Facebook accounts.
News URL
Related news
- Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data (source)