New malware called FlyTrap has compromised more than 10,000 Facebook accounts in about 140 countries since March, according to a new report.
FlyTrap has penetrated accounts through various tactics such as social media breaching, third-party app stores and malicious apps, according to US-based security company Zimperium. The malicious software primarily targeted victims using Google’s Android mobile operating system.
Zimperium’s zLabs mobile threat research team said its forensic evidence of this active attack points to malicious parties in Vietnam.
“These malicious applications were initially distributed through both Google Play and third-party application stores,” Zimperium said.
After the first detection, it reported the findings to Alphabet-owned Google, which verified the research findings and removed the malicious applications from the Google Play store.
“However, the malicious applications are still available on third-party, unsecured app repositories … highlighting the risk of side-loaded applications to mobile endpoints and user data,” the company said.
“The mobile application poses a threat to the victim’s social identity by hijacking their Facebook accounts via a Trojan [horse] infecting their Android device.”
The information collected from the victim’s Android device includes their Facebook ID, location, email address, intellectual property details of the device and other personal information associated with the Facebook account.
Facebook and Google did not respond to The National's request for comment.
How does FlyTrap work?
The threat actors use several themes that users would find appealing, such as free Netflix coupon codes, Google AdWords coupon codes and voting for the best football or cricket player.
“Initially available in Google Play and third-party stores, the [malicious] application tricked users into downloading and trusting it with high-quality designs and social engineering … after installation, the malicious application displays pages that engage the user and asks for a response from them,” Zimperium said.