How Does FlyTrap Trojan Hijack Facebook Accounts?

If you have a Facebook account and an Android phone. You must be aware of a new Trojan dubbed ‘FlyTrap’ that has compromised more than 10,000 Facebook accounts across 144 countries. How does FlyTrap trojan hijack Facebook accounts, how can you prevent yourself from being the victim of the attack, and what should you do if your account has been compromised? Let’s see the answers to all these questions in this post.

What Is FlyTrap Trojan?

FlyTrap is a recently uncovered malware program added to the family of Trojans that leverage social engineering tricks to compromise victim’s Facebook accounts, 

What Does FlyTrap Trojan Capable Of Doing?

FlyTrap Trojan steals the victim’s Facebook accounts via trojanised Android applications and collects the victim’s Facebook ID, location, email address, IP address, cookies, and tokens associated with the Facebook account to carry out the further spread of malware by running disinformation campaigns. 

It is also possible for FlyTrap Trojan to abuse the victim’s social credibility through personal messaging with links to the Trojan. 

Information Collected By FlyTrap Trojan:

The Victims Of FlyTrap Trojan

Analysis report says there is no sign of targeting a specific group, community, geolocation, or country. Victims are around the globe. Since March 20201, This new Trojan has compromised more than 10,000 victims across 144 countries. The Zimperium zLabs mobile threat research team released a global map of victims.  

By Zimperium’s zLabs mobile threat team

How Does FlyTrap Trojan Hijack Facebook Accounts?

Before we go in-depth, we just want to tell you that FlyTrap Trojan initially distribute the trojanised Android application through google and third-party play stores. Google has removed the infected apps from its play store, but these applications are still available on many third-party play stores. Just downloading the infected Android apps is not enough for the Trojan to hijack the victim’s Facebook accounts. The malware uses a lot of social engineering tricks to make the user supply their credentials. Let see what social engineering tricks the malware uses to hijack the credentials in depth. And, How Does FlyTrap Trojan Hijack Facebook Accounts?

Actors behind the FlyTrap Trojan attract victims with many exciting offers such as free Netflix coupon codes, free Google AdWords coupon codes, and voting for the best football (soccer) team or player. They just make victims download and install the infected apps hosted on Google and other third-party play stores.

After users install the applications, those malicious applications engage users with their high-quality design pages and force the users to respond. 

By Zimperium’s zLabs mobile threat team

By Zimperium’s zLabs mobile threat team

If a user came into the trap and responded, the apps will show the Facebook login page and ask him to log in to his Facebook account to get the free coupon. The fact is, no coupon code will get generated. But, the app tries to justify by showing a fake coupon code to the user. The truth is that the displayed Facebook login page was a phishing Facebook login page. 

By Zimperium’s zLabs mobile threat team

By Zimperium’s zLabs mobile threat team

FlyTrap Trojan sitting inside the app will also use original and legit domains to capture the victim’s Facebook credentials using JavaScript injection techniques. According to Zimperium’s zLabs mobile threat team “Using this technique, the application opens the legit URL inside a WebView configured with the ability to inject JavaScript code and extracts all the necessary information such as cookies, user account details, location, and IP address by injecting malicious JS code.” Click here to read the original report.

How To Protect Yourselves From FlyTrap Trojan Infections?