FlyTrap Android Malware Used to Compromise Facebook Accounts
Zimperium has revealed new Android malware said to have compromised the Facebook accounts of more than 10,000 people across 144 countries since March. The company dubbed this malware FlyTrap and said that until recently it was listed on the official Google Play Store.
FlyTrap masqueraded as a variety of mobile apps dedicated to “free Netflix coupon codes, Google AdWords coupon codes, and voting for the best football (soccer) team or player,” Zimperium said, and “tricked users into downloading and trusting the application with high-quality designs and social engineering” before attempting to gain access to their Facebook accounts.
That stolen information is then transferred to FlyTrap’s command and control server. Zimperium actually discovered security vulnerabilities in the server it examined, which might be funny if it didn’t also “expose the entire database of stolen session cookies to anyone on the internet, further increasing the threat to the victim’s social credibility” in the process.
Zimperium said it warned Google of three malicious apps used to distribute the FlyTrap malware via the Play Store. They remain available via other platforms, however, which led the company to caution Android users about the potential dangers of sideloading apps onto their devices.