"New Android Trojan Hijacks Social Media"
Researchers at Zimperium have uncovered a new type of Android Trojan attack that spreads via social media hijacking. The Trojan, codenamed FlyTrap, has hit at least 140 countries since March 2021 and has spread to over 10,000 victims through social media hijacking, third-party app stores, and sideloaded applications.

The malware places victims at risk of identity theft by hijacking their social media accounts via a Trojan infecting their Android device. Data stolen by FlyTrap includes Facebook ID, location, email address, IP address, and cookies and tokens associated with the Facebook account. The researchers stated that these hijacked Facebook sessions could be used to spread the malware, by abusing the victim's social credibility through personal messages containing links to the Trojan, and to propagate propaganda or disinformation campaigns using the victim's geolocation details.

FlyTrap ensnares social media users by pretending to offer discount codes for Netflix and Google AdWords or by asking users to vote for their favorite soccer team. Users are then taken to a fake Facebook login page and asked to enter their credentials. The researchers stated that the Trojan works by opening the genuine URL inside a WebView configured with the ability to inject JavaScript code. It then steals all the necessary information, such as the user's account details and IP address, by injecting malicious JS code.

The threat actors behind this new session hijacking campaign are from Vietnam.
Infosecurity reports: "New Android Trojan Hijacks Social Media"
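
A defender-side triage heuristic for the WebView behaviour described above, as an added example that is not from Zimperium's research or the original article: it flags decompiled Java source in which a JavaScript-enabled WebView loads a Facebook URL, has script injected into it, and has its cookies read. The indicator set, the verdict names and both source samples are constructed for illustration; the Android API names are the platform's own.

```python
import re

# Android API calls which, found together in one decompiled class, match the
# behaviour reported for FlyTrap. Heuristic chosen for this example.
INDICATORS = {
    "js_enabled": re.compile(r"\.setJavaScriptEnabled\(\s*true\s*\)"),
    "js_injection": re.compile(r"\.evaluateJavascript\(|\.loadUrl\(\s*\"javascript:"),
    "js_bridge": re.compile(r"\.addJavascriptInterface\("),
    "cookie_read": re.compile(r"CookieManager\.getInstance\(\)\s*\.getCookie\("),
    "facebook_url": re.compile(r"https?://[\w.-]*facebook\.com", re.I),
}

def triage(source: str) -> dict:
    """Return matched indicators (with line numbers) and a triage verdict."""
    hits = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.strip().startswith("//"):
            continue  # skip whole-line comments
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    injects = "js_enabled" in hits and ("js_injection" in hits or "js_bridge" in hits)
    if injects and "facebook_url" in hits and "cookie_read" in hits:
        verdict = "high"      # script injection + cookie read on a Facebook page
    elif injects and "facebook_url" in hits:
        verdict = "review"    # script injected into a Facebook page
    else:
        verdict = "none"
    return {"verdict": verdict, "hits": hits}

# Constructed samples (not taken from any real application).
SUSPECT = '''
WebView web = new WebView(this);
web.getSettings().setJavaScriptEnabled(true);
web.addJavascriptInterface(new Bridge(), "bridge");
web.loadUrl("https://m.facebook.com/login");
String session = CookieManager.getInstance().getCookie(url);
web.evaluateJavascript(script, null);
'''
BENIGN = '''
WebView help = new WebView(this);
help.getSettings().setJavaScriptEnabled(true);
help.loadUrl("https://help.example.com/faq");
'''

if __name__ == "__main__":
    for name, src in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, triage(src))
```

A "high" verdict is a prompt for manual review of the class, not proof of malice; apps that legitimately embed Facebook login normally use the platform SDK or a browser tab rather than an instrumented WebView.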