Security News > 2021 > August > Beware! New Android Malware Hacks Thousands of Facebook Accounts

Beware! New Android Malware Hacks Thousands of Facebook Accounts
2021-08-10 00:26

A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces.

Dubbed "FlyTrap," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as part of a session hijacking campaign orchestrated by malicious actors operating out of Vietnam, according to a report published by Zimperium's zLabs today and shared with The Hacker News.

Although the offending nine applications have since been pulled from Google Play, they continue to be available in third-party app stores, "Highlighting the risk of sideloaded applications to mobile endpoints and user data," Zimperium malware researcher Aazim Yaswant said.

The malicious apps claim to offer Netflix and Google AdWords coupon codes and let users vote for their favorite teams and players at UEFA EURO 2020, which took place between 11 June and 11 July 2021, only under the condition that they log in with their Facebook accounts to cast their vote, or collect the coupon code or credits.

Once a user signs into the account, the malware is equipped to steal the victim's Facebook ID, location, email address, IP address, and the cookies and tokens associated with the Facebook account, thus enabling the threat actor to carry out disinformation campaigns using the victim's geolocation details or propagate the malware further via social engineering techniques by sending personal messages containing links to the trojan.

"The targeted domains are popular social media platforms and this campaign has been exceptionally effective in harvesting social media session data of users from 144 countries. These accounts can be used as a botnet for different purposes: from boosting the popularity of pages/sites/products to spreading misinformation or political propaganda."

News URL

Related vendor

Facebook 22 2 46 38 3 89
Android 5 0 19 1 0 20