Beware, Android users—a new trojan malware is infecting smartphones worldwide, stealing thousands of users’ personal data and compromising their Facebook accounts.
According to a recent report published by cybersecurity firm Zimperium’s zLabs mobile security team, the new trojan, known as FlyTrap, has infected over 10,000 devices in at least 144 countries. Once active on a user’s device, it can collect personal information like:
- Location data
- IP addresses
- Email addresses
- Facebook IDs, cookies, login tokens, and more.
The hackers can then hijack the user’s Facebook account to send more phishing links to the user’s contacts via direct messages and posts, or send them links hiding other, even more dangerous malware.
The zLabs researchers traced FlyTrap back to a known malware group based in Vietnam that distributes the malware in multiple ways, including via apps the group created and published on the Google Play store and other third-party Android app stores.
The hackers have also launched attacks using fake ads promising free Netflix codes, Google AdWords coupons, or even tickets to a soccer match. If a user engages with the ad, the app asks them to log in with their Facebook account to claim the free offer—only for them to learn the “offer” has expired.
Note that these fake ads do not use a fake login page to phish the person’s account info. Instead, the app opens the genuine Facebook login page inside an embedded browser view that it controls and uses JavaScript injection to scoop up the person’s Facebook data (cookies, login tokens, and account details) once they sign in. Because the page really is Facebook’s, the usual advice to check the URL does not help; the method works against the legitimate login page of any website loaded this way.
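A triage check a practitioner might run for the pattern just described: an app that embeds a browser view, executes its own script inside the loaded page, points that view at a genuine Facebook login URL, and carries cookie- or form-reading JavaScript. This is an added example, not code from the article or from Zimperium’s report; the indicator patterns and the two sample string lists (standing in for strings pulled from a decompiled app) are constructed assumptions, not real FlyTrap artifacts.

```python
"""Heuristic triage for the in-app WebView JavaScript-injection pattern.

Added example, not from the article or Zimperium's report. INDICATORS and the
SAMPLE_* lists are constructed assumptions, not real FlyTrap artifacts.
"""
import re
from dataclasses import dataclass, field

# Indicators grouped by the role they play in the technique. Each group on its
# own is benign (plenty of honest apps embed a WebView or open a Facebook URL);
# the technique needs script execution inside a genuine login page plus code
# that reads what the page knows.
INDICATORS = {
    "webview": [r"android/webkit/WebView", r"setJavaScriptEnabled"],
    "js_exec": [r"evaluateJavascript", r"addJavascriptInterface", r"^javascript:"],
    "login_target": [
        r"https?://(m|www)\.facebook\.com/login",
        r"facebook\.com/v\d+\.\d+/dialog/oauth",
    ],
    "harvest": [
        r"document\.cookie",
        r"getElementById\(['\"](email|pass)['\"]\)",
        r"\bc_user\b",
    ],
}


@dataclass
class Verdict:
    score: int                       # number of indicator groups with a hit
    matched: dict = field(default_factory=dict)  # group -> sorted matching strings
    suspicious: bool = False         # True only when the full pattern co-occurs


def triage(strings):
    """Match each extracted string against every indicator group."""
    matched = {}
    for group, patterns in INDICATORS.items():
        hits = sorted({s for s in strings for p in patterns if re.search(p, s)})
        if hits:
            matched[group] = hits
    # Flag only the combination: script injected into a real login page together
    # with code that reads cookies or form fields. An app that merely uses the
    # official Facebook login dialog does not trip this.
    suspicious = {"js_exec", "login_target", "harvest"} <= matched.keys()
    return Verdict(score=len(matched), matched=matched, suspicious=suspicious)


# Constructed sample: strings an analyst might see in a decoded trojanised app.
SAMPLE_SUSPICIOUS = [
    "Landroid/webkit/WebView;",
    "setJavaScriptEnabled",
    "https://m.facebook.com/login.php",
    "evaluateJavascript",
    "javascript:(function(){return document.cookie;})()",
    "document.getElementById('email').value",
]

# Constructed sample: an app using the ordinary OAuth dialog, no injection.
SAMPLE_BENIGN = [
    "Landroid/webkit/WebView;",
    "setJavaScriptEnabled",
    "https://www.facebook.com/v11.0/dialog/oauth",
    "com.facebook.login.LoginManager",
]


if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        v = triage(sample)
        print(f"{name}: score={v.score} suspicious={v.suspicious} groups={sorted(v.matched)}")
```

The scoring is deliberately conservative: a WebView plus a Facebook URL is how many legitimate apps implement social login, so only the co-occurrence of injected script, a real login page and harvesting code is flagged. Treat a hit as a reason to pull the app into manual review, not as a verdict on its own.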
And that’s why FlyTrap is such a threat: it can quickly spread to multiple users through seemingly legitimate links and apps. While the malware is mostly being used to steal personal data at the moment, it could also be employed in more nefarious ways, such as to facilitate a large-scale ransomware deployment.
How to keep yourself safe from the FlyTrap trojan
Google has already removed the malicious apps from the Play Store in response to zLabs’ report, and the apps are no longer active on any devices that installed them. However, they may still be available through third-party websites. Unfortunately, none of the offending apps are directly named in Zimperium’s report.
The malicious ads are also still active in the wild, so Android users need to take care to keep their devices safe. Here are some quick tips:
- Use a reputable anti-malware app to scan new apps for known threats before and after installing them; a scan can also help already-infected users find and remove the malware.
- Do not grant apps unnecessary permissions.
- Do not download unknown apps, even from the Google Play Store, and thoroughly vet the apps you do install.
- Do not click on unknown links, and beware of “too good to be true” offers and similar online scam techniques.
- Do not hand over your Facebook account info to any person or third-party apps.
- Only log into Facebook (and other social media) through the official app or website, and never when prompted by an ad, email, or unrelated app.