Table of Contents
  • Home
  • /
  • Blog
  • /
  • How Does FlyTrap Trojan Hijack Facebook Accounts?
August 11, 2021

How Does FlyTrap Trojan Hijack Facebook Accounts?

How Does Flytrap Trojan Hijack Facebook Accounts

If you have a Facebook account and an Android phone. You must be aware of a new Trojan dubbed FlyTrap that has compromised more than 10,000 Facebook accounts across 144 countries. How does FlyTrap trojan hijack Facebook accounts, how can you prevent yourself from being the victim of the attack, and what should you do if your account has been compromised? Lets see the answers to all these questions in this post.

What Is FlyTrap Trojan?

FlyTrap is a recently uncovered malware program added to the family of Trojans that leverage social engineering tricks to compromise victims Facebook accounts, 

What Does FlyTrap Trojan Capable Of Doing?

FlyTrap Trojan steals the victims Facebook accounts via trojanised Android applications and collects the victims Facebook ID, location, email address, IP address, cookies, and tokens associated with the Facebook account to carry out the further spread of malware by running disinformation campaigns. 

It is also possible for FlyTrap Trojan to abuse the victims social credibility through personal messaging with links to the Trojan. 

Information Collected By FlyTrap Trojan:

  • Facebook ID

  • Location

  • Email address

  • IP address

  • Cookies and tokens associated with the Facebook account.

The Victims Of FlyTrap Trojan

Analysis report says there is no sign of targeting a specific group, community, geolocation, or country. Victims are around the globe. Since March 20201, This new Trojan has compromised more than 10,000 victims across 144 countries. The Zimperium zLabs mobile threat research team released a global map of victims.  

By Zimperiums zLabs mobile threat team

How Does FlyTrap Trojan Hijack Facebook Accounts?

Before we go in-depth, we just want to tell you that FlyTrap Trojan initially distribute the trojanised Android application through google and third-party play stores. Google has removed the infected apps from its play store, but these applications are still available on many third-party play stores. Just downloading the infected Android apps is not enough for the Trojan to hijack the victims Facebook accounts. The malware uses a lot of social engineering tricks to make the user supply their credentials. Let see what social engineering tricks the malware uses to hijack the credentials in depth. And, How Does FlyTrap Trojan Hijack Facebook Accounts?

Actors behind the FlyTrap Trojan attract victims with many exciting offers such as free Netflix coupon codes, free Google AdWords coupon codes, and voting for the best football (soccer) team or player. They just make victims download and install the infected apps hosted on Google and other third-party play stores.

After users install the applications, those malicious applications engage users with their high-quality design pages and force the users to respond. 

By Zimperiums zLabs mobile threat team

By Zimperiums zLabs mobile threat team

If a user came into the trap and responded, the apps will show the Facebook login page and ask him to log in to his Facebook account to get the free coupon. The fact is, no coupon code will get generated. But, the app tries to justify by showing a fake coupon code to the user. The truth is that the displayed Facebook login page was a phishing Facebook login page. 

By Zimperiums zLabs mobile threat team

By Zimperiums zLabs mobile threat team

FlyTrap Trojan sitting inside the app will also use original and legit domains to capture the victims Facebook credentials using JavaScript injection techniques. According to Zimperiums zLabs mobile threat team Using this technique, the application opens the legit URL inside a WebView configured with the ability to inject JavaScript code and extracts all the necessary information such as cookies, user account details, location, and IP address by injecting malicious JS code. Click here to read the original report.

How To Protect Yourselves From FlyTrap Trojan Infections?

  1. Please Dont install any untrusted applications either from Google Play store or any other third party play store.

  2. Remove these apps from your phone installed knowingly or unknowingly.

  3. Take the subscription of premium antimalware solutions and keep the definitions up to date.

  4. Dont click any unknown links.

  5. Dont come to the freebee trap. Always remember that No meal will come for free.

  6. Dont share any credentials with personal details.

  7. Dont log in or enter your credentials without confirmation.

  8. Dont allow access to use your phones camera, photos, messages, contacts for other third-party applications.

Indicators Of Compromise Of FlyTrap Trojan

Android Apps Serving FlyTrap Trojan:

  • com.luxcarad.cardid : GG Voucher

  • com.gardenguides.plantingfree : Vote European Football

  • com.free_coupon.gg_free_coupon : GG Coupon Ads

  • com.m_application.app_moi_6 : GG Voucher Ads

  • : GG Voucher

  • com.ynsuper.chatfuel : Chatfuel

  • Com.free_coupon.net_coupo n : Net Coupon

  • : Net Coupon

  • com.euro2021 : EURO 2021 Official

File Serving FlyTrap Trojan- Fingerprints/Hash Values:

  • 00833ff71a1709e60cb04acbcc7ceecd56323e693de3c424fb37205204d43105

  • fa08c2ca7d8614be2b0b58095d0f3115464e9139bf5051c4f3da15963bb31062

  • 30a3ad09199660baca6410a4ada290887390d9453d95eb1e84bdd984c89ecc3a

  • 8e6c98b247a2bb34d5004c3f14d2cbf2a22c987f960e86c760d44766f9361c59

  • 21b85beb9992fccb268fcef2904c5e6591a3c80b7fa8dd201e28782887fea2cb

  • d1cf14ccbc8f718111e59f9173475b2882dc6d1ca381ff3b726f2b471711aa7e

  • c4eed338a3449c57eb919eac9a41b5b5ca4d0223fda341005e68f5b673d745ad

  • 3b0137302a6b93cc4dd4d0a58749fc959f8d9ad26d022d6b10dc3d7608af3279

  • 3cd5cee4326d48c0b1f0c40d3b8f3e0d7ef7ef2b782afbe95e07a3d519ba5aee

  • 1a3b448853479bf6b23d283bd44b0458132c3cda1648eac631dfdc178aee5ac0

  • 5d671f5ed5e5855dc5727412b2a9293f42b7b5f31c3b924a30beacd8304863b6

  • 64f4f085050294d064860d0c9e323bbf21cb4f66773944646a9eaf4eab49e115

  • 8e2aa1a1a144f84511aafd76c83a23e33c3c107c914bb67761df32f6b68b6cf5

  • 96b235bc715d6089a163ca212d1e752c26918b3d3b1acec5bdebbdd1b40c4b85

  • f8845f98ca1233b6db2ef44913a115f3093308846ba805aaaf21753d97e4219c

Command & Controle Servers Of FlyTrap Trojan:

  • hxxp://

  • hxxp://

  • hxxps://

  • hxxp://

Thanks for reading the post. Please share this post and help to secure the digital world.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.



View All

Learn Something New with Free Email subscription