If you’re an Android user, there are apps available on the Google Play Store that have been stealing your Facebook credentials. A new Android malware, dubbed ‘FlyTrap’, has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries.
The malware has been harvesting user credentials since March 2021 via fraudulent apps distributed through the Google Play Store and other third-party app marketplaces.
What is FlyTrap?
FlyTrap is a malware that employs social engineering tactics to breach a Facebook account. According to a report, the origins of the malware come from Vietnam.
Upon discovery, Google removed the malicious apps from its Play Store, but they are easily available on third-party app stores and websites. The list of apps is as follows –
- GG Voucher (com.luxcarad.cardid)
- Vote European Football (com.gardenguides.plantingfree)
- GG Coupon Ads (com.free_coupon.gg_free_coupon)
- GG Voucher Ads (com.m_application.app_moi_6)
- GG Voucher (com.free.voucher)
- Chatfuel (com.ynsuper.chatfuel)
- Net Coupon (com.free_coupon.net_coupon)
- Net Coupon (com.movie.net_coupon)
- EURO 2021 Official (com.euro2021)
How Does the Malware Work?
The malicious app has malware code injected into ordinary apps. It claimed to offer Netflix and Google AdWords coupon codes and allows users to vote for their preferred teams and players at UEFA EURO 2020, between 11 June and 11 July 2021.
To vote for their favourite teams and players, the app requires users to log in with their Facebook accounts to submit their vote or collect the coupon code.
When a user signs in to their Facebook account, the malware automatically jumps into action. FlyTrap steals the user’s Facebook ID, location, email address, IP address, and the cookies and tokens associated with the Facebook account.
Once it steals the victim’s data, it enables the malware to begin its malicious campaign. It uses the victim’s geolocation and other details to carry out social engineering attacks.
The only way to avoid this is to ensure that you download and install apps from original stores and do not link your social media accounts with the app.