Zimperium has revealed new Android malware said to have compromised the Facebook accounts of more than 10,000 people across 144 countries since March. The company dubbed this malware FlyTrap and said that until recently it was listed on the official Google Play Store.
FlyTrap masqueraded as a variety of mobile apps dedicated to “free Netflix coupon codes, Google AdWords coupon codes, and voting for the best football (soccer) team or player,” Zimperium said, and “tricked users into downloading and trusting the application with high-quality designs and social engineering” before attempting to gain access to their Facebook accounts.
Schemes like this often present fake websites, but in this particular case, Zimperium said that FlyTrap took users to Facebook’s legitimate sign-in page. The malware then used JavaScript injection to gain access to the user’s Facebook ID, location, email address, and IP address as well as the “Cookie and Tokens associated with the Facebook account” being accessed.
That stolen information is then transferred to FlyTrap’s command and control server. Zimperium actually discovered security vulnerabilities in the server it examined, which might be funny if it didn’t also “expose the entire database of stolen session cookies to anyone on the internet, further increasing the threat to the victim’s social credibility” in the process.
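The two preceding paragraphs describe the defender-relevant shape of FlyTrap: the victim signs in to the real site inside a malicious app's embedded WebView, and the harvested session cookie is later replayed from attacker infrastructure. The following is an added example written for this page, not Zimperium's tooling or anything from the FlyTrap report, showing two cheap server-side signals a site operator can compute from its own access logs: a sign-in request whose User-Agent carries the `; wv` token that Android's system WebView appends, and a session cookie presented from a different IP address or client than the one it was issued to. The log line format, the session identifiers and every IP address and User-Agent string below are constructed for the example.

```python
"""Triage of login / session activity for the FlyTrap pattern: a login from an
embedded Android WebView, followed by replay of the issued session cookie from
elsewhere. All log lines and field names are constructed for this example.
Note that the User-Agent is client-controlled, so the WebView check is a
signal for correlation, not proof on its own.
"""
import re

# Constructed access-log lines: timestamp, client IP, event, session id, UA.
SAMPLE_LOGS = [
    '2021-08-10T12:00:01Z 198.51.100.7 login sid=s-1001 ua="Mozilla/5.0 (Linux; Android 11; Pixel 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36"',
    '2021-08-10T12:00:09Z 198.51.100.7 request sid=s-1001 ua="Mozilla/5.0 (Linux; Android 11; Pixel 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36"',
    '2021-08-10T12:01:15Z 203.0.113.21 login sid=s-1002 ua="Mozilla/5.0 (Linux; Android 10; SM-A505F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/92.0.4515.115 Mobile Safari/537.36"',
    '2021-08-10T12:03:40Z 192.0.2.250 request sid=s-1002 ua="python-requests/2.26.0"',
]

# Constructed log layout: "<ts> <ip> <event> sid=<id> ua="<user agent>""
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<event>\S+) sid=(?P<sid>\S+) ua="(?P<ua>[^"]*)"$'
)
# Android's system WebView appends "; wv" inside the platform parentheses.
WEBVIEW_RE = re.compile(r'\bAndroid\b[^)]*;\s*wv\)')


def parse_line(line):
    """Split one constructed log line into its fields; reject malformed input."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def is_android_webview(user_agent):
    """True when the UA carries the Android WebView marker."""
    return WEBVIEW_RE.search(user_agent) is not None


def find_suspicious_sessions(lines):
    """Return (session id, reason, client ip) tuples for two signals:
    a login made from an embedded WebView, and any later use of that
    session from a different IP address or a different User-Agent."""
    events = [parse_line(line) for line in lines]
    issued = {}   # sid -> (ip, ua) recorded at login time
    findings = []

    for e in events:
        if e["event"] == "login":
            issued[e["sid"]] = (e["ip"], e["ua"])
            if is_android_webview(e["ua"]):
                findings.append((e["sid"], "webview_login", e["ip"]))

    for e in events:
        if e["event"] == "login" or e["sid"] not in issued:
            continue
        login_ip, login_ua = issued[e["sid"]]
        reasons = []
        if e["ip"] != login_ip:
            reasons.append("new_ip")
        if e["ua"] != login_ua:
            reasons.append("new_user_agent")
        if reasons:
            findings.append((e["sid"], "session_replay:" + "+".join(reasons), e["ip"]))
    return findings


if __name__ == "__main__":
    for sid, reason, ip in find_suspicious_sessions(SAMPLE_LOGS):
        print(f"{sid}\t{reason}\t{ip}")
```

In the constructed sample, session `s-1001` is an ordinary browser login followed by normal use and produces nothing; `s-1002` is flagged twice, once because the login arrived from a WebView and again because the cookie is presented minutes later from a different address with a non-browser client. In practice the replay signal, which does not depend on anything the client can spoof as easily as a User-Agent, is the one worth acting on, for example by invalidating the session and forcing re-authentication.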
Zimperium said it warned Google of three malicious apps used to distribute the FlyTrap malware via the Play Store. They remain available via other platforms, however, which led the company to caution Android users about the potential dangers of sideloading apps onto their devices.