Attention, Android users – a new type of Trojan malware is infecting smartphones around the world, stealing the personal data of thousands of users and putting their Facebook accounts at risk.
According to a recent report from the zLabs mobile security team at cybersecurity company Zimperium, the new Trojan, known as FlyTrap, has infected over 10,000 devices in at least 144 countries. Once active on a user’s device, it can collect personal data such as:
- Location data
- IP addresses
- Email address
- Facebook IDs, cookies, login tokens and more.
The hackers can then hijack the user’s Facebook account to send more phishing links via direct messages and posts to the user’s contacts, or to send them links that hide other, even more dangerous malware.
The zLabs researchers traced FlyTrap to a well-known malware group based in Vietnam that spread the malware in a number of ways, including through apps the group creates and publishes on the Google Play Store and other third-party Android app stores.
The hackers have also launched attacks with fake ads that promise free Netflix codes, Google AdWords coupons, or even tickets to a soccer game. When a user interacts with the ad, the app prompts them to sign in with their Facebook account to take advantage of the free offer – only to be told that the “offer” has expired.
Note that these fake ads don’t use fake login pages to phish for someone’s account information. Instead, they capture the person’s Facebook data using JavaScript injection, a method that works even against the legitimate Facebook login page or any other website’s login page.
And that’s why FlyTrap is such a threat: it can quickly spread to multiple users via seemingly legitimate links and apps. While the malware is currently used primarily to steal personal information, it could also be used in more nefarious ways, such as enabling large-scale ransomware deployment.
How to protect yourself against the FlyTrap Trojan
Google has already removed the malicious apps from the Play Store in response to the zLabs report, and the apps are no longer active on any device on which they are installed. However, they may still be available through third-party websites. Unfortunately, Zimperium’s report does not directly name any of the offending apps.
The malicious ads are still active in the wild too, so Android users need to be careful about the security of their devices. Here are some quick tips:
- Use anti-malware and antivirus apps to scan new apps for known threats before installing them; they can also help already-infected users find and remove malware.
- Don’t give apps unnecessary permissions.
- Do not download unknown apps, even from the Google Play Store, and thoroughly check the apps you have installed.
- Don’t click on unfamiliar links and beware of “too good to be true” offers and similar online fraud techniques.
- Don’t share your Facebook account information with anyone, including third-party apps.
- Sign in to Facebook (and other social media) only through the official app or website and never when prompted by an advertisement, email, or an unrelated app.
[ZDNet]