This dangerous new Android trojan can hijack your Facebook account

Harvested login information was accessible to anyone on the internet

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have unraveled a malicious campaign that trickedAndroidusers with malicious apps in order to hijack their Facebook accounts.

According to researchers at mobile security company Zimperium, the campaign managed to hoodwink over 10,000 users across 140 countries.

“Forensic evidence of this active Android Trojan attack, which we have named FlyTrap, points to malicious parties out of Vietnam running this session hijacking campaign since March 2021. These malicious applications were initially distributed through bothGoogle Playand third-party application stores,” Zimperium’s Aazim Yaswant wrote in ablog postdetailing the campaign.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Yashwant notes that the researchers were able to turn the tables on the threat actors and used vulnerabilities in their command and control (C2) servers to deconstruct the campaign. Worryingly however he notes that these vulnerabilities also expose the entire database of stolen details to anyone on the internet.

Social engineering

According to Yashwant, on the face of it, the FlyTrap campaign is a run-off-the-mill scam that deceives people into voluntarily giving up their Facebook credentials. It does this by luring them with free coupon codes for services such asNetflix,Google AdWords, and more.

However, the malicious apps use the real Facebook single sign-on (SSO) service, which prevents them from harvesting users’ credentials.

The threat actors work around this problem by using a trick known asJavaScriptinjection to instead collect various other pieces of sensitive data associated with the Facebook session, including cookies and tokens.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This allows them to effectively hijack the Facebook session, which they then use to spread themalwareby running malicious campaigns through the Facebook user’s network.

Google has since removed the malicious apps from thePlay Store, after being sounded off by Zimperium. However, the apps are still available on third-party app stores and can still be side-loaded.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Scammers are using fake copyright infringement claims to hack businesses

HPE reveals critical security bug affecting networking access points

From Dishonored to Mafia: Definitive Edition, some of my favorite games are free right now for Amazon Prime members