Flytrap Is Spreading Fast and Has Compromised 10,000+ Users Worldwide. Codenamed "FlyTrap", this new Android Trojan malware has already according to a recent report from Zimperium, the global leader in mobile security. What makes this malware special is it employs social engineering tactics to compromise victim's Facebook accounts. FlyTrap targets Android users and can collect personal information such as: infected over 10,000 victims across more than 140 countries, their Facebook IDs, location information, email addresses, IP addresses, and the cookies and tokens associated with their Facebook accounts. The hackers can later disguise themselves as the victims to send more phishing links to the user's contacts via direct messages and posts or send them links covering others. They can also send them the updated, more dangerous malware after gaining the trust. How Does FlyTrap Malware Work? Zimperium's zLabs mobile threat research teams several previously undetected applications. Following their forensic investigation, the zLabs team determined this earlier undetected malware is part of a class of Trojans that employ social engineering tricks to compromise Facebook accounts. recently found Fake Applications The threat actors made use of several themes (such as free Netflix coupon codes, Google AdWords coupon codes, and voting for the best soccer team or player) that were popular among users. Originally available in Google Play and third-party stores, the application lured users toward downloading and trusting the application with high-quality designs and social engineering. After installation, the malicious application displays pages that engage the user and asks for a response from them. These are the nine malicious apps: GG Voucher (com.luxcarad.cardid) Vote European Football (com.gardenguides.plantingfree) GG Coupon Ads (com.free_coupon.gg_free_coupon) GG Voucher Ads (com.m_application.app_moi_6) GG Voucher (com.free.voucher) Chatfuel (com.ynsuper.chatfuel) Net Coupon (com.free_coupon.net_coupon) Net Coupon (com.movie.net_coupon) EURO 2021 Official (com.euro2021) Before the malware apps serving out the "promised goodies", to pick their vote or collect the coupon code or credits. For sure, there is no actual voting or coupon code for Netflix but just another trick to lure the users to give up their credentials. victims are told to log in with their Facebook accounts "Just like any user manipulation, the high-quality graphics and official-looking login screens are common tactics to have users take action that could reveal sensitive information," - zLabs researchers explained. " One difference of this trojan is that victims are actually logging in to the real Facebook website. However, while the user is logging into their official account, the FlyTrap Trojan is hijacking the session information using the techniques called "javascript injection". Then, the trojan uses victimized Facebook accounts to further spread its legs. By disguising as reliable owners, the malicious links and posts would seem legitimate. The malware would automate the process and send social posts and personal messages with links to the FlyTrap trojan. With one light touch, the trojan would propagate disinformation using the victim's device location information. Adding localized information to the social engineering attacks makes the spreading of this trojan highly effective from one victim to another. How to Protect Your Mobile Device In the worst cases, it can be painful or nearly impossible to, like any other personal data, get your data back - let alone the accounts that were broken into. That s why the best way to limit the loss is to ensure it never happens in the first place. Review SMS-Based 2FA of All Accounts You can use several other methods as your second "factor" that is more protected than text message-based verification. As mentioned, providing your phone number to a 3rd-party introduce the risk of data leak and further hijack other accounts. With a little investment, you can de-couple your cell phone number as a second factor. Security Keys Using a physical token (or security key) only for this purpose could help, such as the ones from Yubico called Yubikeys and Titan from Google. Most security key providers offer different form factors like USB-A, USB-C, lightning, or Bluetooth. No matter which one you choose, it's probably a physical thumb drive-shaped accessory that can fit on your keychain. When authentication is required, you need to plug the key into a USB port on your device, or, if it has an NFC wireless chip in it, hold the key up to your NFC-enabled phone. You can use security keys as secure logins on platforms like: , Google , Facebook , Dropbox , and Microsoft other sites that support or protocol. FIDO Y2F The main problem with keys is service compatibility. Another problem would be losing or misplacing a security key. For example, if keys are lost or stolen for people who put them on their keys, account lockouts are likely. Therefore, when you set up your key, you should set up a second backup key if anything bad happens to the first. 3rd-party Authenticator Apps You may already know how to use two-factor authentication to log into accounts. But may limit to using services that give a phone number or email address to receive a security code that requires active connections or phone services. This is a 2-factor authentication because: The phone with the app installed - Something you have. The time code in the app - Something you know. It also proves you have the device at the time period. Authenticator apps generate a time code to log into an account and provide stronger security Moreover, you don't need to be connected to the Internet to receive them, and they aren't vulnerable to being hacked via SIM hijacking. without the added privacy concern of giving out a phone number. Some accounts request you use a specific authenticator app, while others let you choose. Popular options include Google Authenticator (Android, iOS) and Microsoft Authenticator, supporting multiple accounts, and Authy, which also supports a range of accounts and offers secure cloud backups. Cyber Hygiene Although iPhone is less suspectable to hacking, configuration checks, jailbreak status, and dangerous network access are also useful for users to reduce attack vectors and mitigate risk. and are free and could offer various security checking including malicious apps flagging, Network access monitoring, and root status - for Android. Bitdefender McAfee provides malicious apps flagging, checking for potentially dangerous Wi-Fi networks, and if the iPhone has been jailbroken - for iOS. Lookout You Can't Protect What You Can't See. We have a process manager on laptops and desktops for monitoring. We can also increase our visibility on mobile devices' activity and background processes with some useful tools. - for iOS only. Lockdown Privacy - the easiest one I tried is Glasswire, which supports Android and Windows. Glasswire These tools are great for enhancing visibility and check if there is any new internet access from an app or background process. You can also quickly check if there is an app that consumes data that is out of scale. Another area that is worth reviewing is DNS. You can use this tool to check if there is any DNS request in a random format - some random domain name that is accessing by your device. This could be an indicator that the app is compromised and trying to send out information. Once you find out which one is contributing to the connection attempts, delete the app immediately. Key Takeaways Threat actors are leveraging common user misunderstandings that logging into the true domain is always secure. The targeted domains are popular social media platforms like Facebook and Google that people used to sign-up for websites. This malware campaign has been particularly powerful in harvesting social media users profiles from 140+ countries. These stolen accounts can be used as a botnet (or zombies) for various purposes: from expanding the popularity of pages/sites/products to spreading misinformation or political propaganda. Similar to any user manipulation, legitimate-looking login screens and high-quality graphics are typical tactics to have users give up sensitive information. In this case, while the user is logging into their official Facebook account, the FlyTrap Trojan is hijacking the information on the fly for wicked intent. FlyTrap is merely an example of the continuing, current threats against mobile devices intended to steal social media credentials. Mobile devices are often treasure troves of defenseless username/passwords to social media accounts, banking applications, and more. More importantly, the tools and techniques used by FlyTrap are not new but are effective enough because there is no advanced mobile endpoint security on these devices or in most devices. It would not take much for a malicious party to take FlyTrap or any other Trojan and modify it to target even more critical information. Thank you for reading. May InfoSec be with you🖖. This article was first published at: https://medium.com/technology-hits/how-to-keep-yourself-safe-from-the-flytrap-trojan-91c695fd390c Some definitions and explanations have been reworded from the following article: https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/

Apple

Dropbox

Facebook

Google

Microsoft

Netflix

Target

Avoid Stranger Danger: 
Review the new CISA Cybersecurity Guides

The Most Expensive Things in Life are “Free of Charge” - Protect Your Data

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

How to Keep Yourself from Becoming a Victim of Flytrap Malware

How to Keep Yourself from Becoming a Victim of Flytrap Malware

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps