[MART] - Daily Diary #322 - FlyTrap Android Trojan Compromised Facebook Accounts

[CTAS-MAT]

Hello,

I hope everyone is doing well!

Below is the entry for today.

08/09/2021 - Diary entry #322:


Since March 2021 a new Android Malware, named FlyTrap, infected more than 10,000 victims in 140 countries, through social media hijacking and third-party app stores. The apps were distributed on Google Play app store and were removed by Google, but they remain available on third-party repositories.


FlyTrap Trojan can steal Facebook accounts by collecting the victim's Facebook ID, Location, Email, IP address and cookies/tokens. Once hijacked the account, the threat actors can distribute the malware by impersonating the victim and send messages to their contacts.


The malware disguise itself as an app that can provide coupons for popular services such as Netflix and Google AdWords, or as a football voting app. After downloading the app, the victim is encouraged to login in with their Facebook Account. Behind the scenes, the malware opens the legit Facebook on a web view and steals the data by injecting malicious JavaScript into the page.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 11 97467 9549

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20210809/a62a448b/attachment.htm>