New FlyTrap Android Malware Affects Thousands of Devices
Mobile security researchers have uncovered a new mobile malware making the rounds. The malware has been dubbed FlyTrap and affects Android devices.
According to reports, over 10 thousand devices have had FlyTrap deployed on them, with victims in nearly 150 different countries all over the globe. The report detailing the malware comes from zLabs - a branch of mobile security firm Zimperium.
The malware was spotted in applications on both the Google Play Store and third-party app stores. The infected app packages were promptly taken down from the Play Store after zLabs notified Google. Curiously, researchers have traced the mobile malware back to a group of bad actors based in southern Asia, specifically in Vietnam.
The malware acts as a Trojan and uses recognizable social engineering tricks to pull off Facebook account takeovers. FlyTrap displays innocent-looking ads in the malicious apps, including ads for coupons or innocuous-looking voting games and polls. Researchers also noted that all banners and buttons related to the malware were produced to a high visual and quality standard, lending further credibility to the scheme.
The buttons and links ask users to log into their Facebook accounts, while FlyTrap hijacks the information they enter and essentially gains access to the account.
A final curious detail about the malicious campaign is that even after victims feed their Facebook credentials to the hackers, the apps display one last message, saying the fake Netflix coupon or other dangled bait is now expired. This probably adds a further edge of fake legitimacy to the whole campaign.
To make matters worse, researchers discovered that the servers used by the bad actors behind FlyTrap are misconfigured and can be broken into, exposing all stolen accounts and credentials to other threat actors or "anyone on the internet".
Here is a list of application names and associated package names that are known to contain FlyTrap, as published by zLabs:
GG Voucher (com.luxcarad.cardid)
Vote European Football (com.gardenguides.plantingfree)
GG Coupon Ads (com.free_coupon.gg_free_coupon)
GG Voucher Ads (com.m_application.app_moi_6)
GG Voucher (com.free.voucher)
Chatfuel (com.ynsuper.chatfuel)
Net Coupon (com.free_coupon.net_coupon)
Net Coupon (com.movie.net_coupon)
EURO 2021 Official (com.euro2021)
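One way to check a device against the list above, as an added example that is not code from zLabs or from the original article: it parses the text printed by `adb shell pm list packages` (with or without the `-f` and `-U` options) and reports exact package-name matches. The function names and the sample output are assumptions constructed for illustration.

```python
# Package name -> app name, copied from the list above (added example).
FLYTRAP_PACKAGES = {
    "com.luxcarad.cardid": "GG Voucher",
    "com.gardenguides.plantingfree": "Vote European Football",
    "com.free_coupon.gg_free_coupon": "GG Coupon Ads",
    "com.m_application.app_moi_6": "GG Voucher Ads",
    "com.free.voucher": "GG Voucher",
    "com.ynsuper.chatfuel": "Chatfuel",
    "com.free_coupon.net_coupon": "Net Coupon",
    "com.movie.net_coupon": "Net Coupon",
    "com.euro2021": "EURO 2021 Official",
}


def parse_pm_line(line):
    """Return the package name from one `pm list packages` line, or None."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # With -U the line ends in " uid:<n>"; keep only the first field.
    body = line[len("package:"):].split(" ", 1)[0]
    # With -f the line is "<apk path>=<package>", and newer Android paths
    # contain directory names ending in "==", so split on the LAST "=".
    return body.rpartition("=")[2] or None


def find_flytrap(pm_output):
    """Return sorted (package, app name) pairs for known FlyTrap packages."""
    hits = set()
    for line in pm_output.splitlines():
        pkg = parse_pm_line(line)
        if pkg in FLYTRAP_PACKAGES:
            hits.add((pkg, FLYTRAP_PACKAGES[pkg]))
    return sorted(hits)


# Constructed sample output (not from a real device), mixing the plain,
# -f and -U formats.
SAMPLE = """\
package:com.android.chrome
package:/data/app/~~Qx1aB3==/com.free.voucher-Zk9pL0==/base.apk=com.free.voucher
package:com.euro2021 uid:10234
package:com.euro2021.fanzone
"""

if __name__ == "__main__":
    for pkg, name in find_flytrap(SAMPLE):
        print(f"FlyTrap package installed: {pkg} ({name})")
```

Matching is exact, so an unrelated package that merely shares a prefix with a listed name (the constructed `com.euro2021.fanzone` line) is not flagged.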